2600: The Hacker Quarterly (Volume 5, Number 4, Winter 1988)

2600
The Hacker Ouarterly
Volume 5. Number 4 Winter, 1988-89
1884 saw the beginning of public call offices.

The National Telephone Company charged 2d
(or Ip) for a three minute call.
The Nntionnl Talaphoqa Company, Umttalf.
---
PUllLIC CALL OOIOla.
'u.au' •.
LOC41. CAW (............ a..-p """""
. r ... ..."........... ~........... «I..",Uk:n.... (·~uft. . . . . . . ~. .J.... .,

. . . . _ .... CoII..
1.''faOO'l'lO.'.
-. . . - _. __.. I_ ... __ .... ..-.

1'0 C.uJ. TIlE EXCIIA,<;It-T........ '-lie. 1_ ..... -.._ ..... _ .... _ ...
.......... .... ...... ...". u.. ~n_ ~ u... ...., 'If"a tIM ftWt. . _
..,. ............ ,-.
............ ...,u.~,.. ..... !Nt II .... I~..., v....: ... ~I,. tM ............. ,. . . . . . . . .
till ........ 01 .... ptNII'f• ..u u.ouac u.. ......... JOUI""'"

~_III
r... ..,.... .... _ wi
1t . . . . . . :l_tuan~1S~"...~:un._,. . . . . . . . . . . . . . _ ....... "' . .
........ ~ .... _ , ........ lt . . . . . . .,CIHt......... ~.'CT ....... ML •
u.... ........-.... _ ....... ,. t.:MMC 4&1 VII" CIIilN..
uw- ... .,_ "'_oJ ... ~ ......,.,......,... _ '" _"'_
--. .... 4_~"".tII ~.~_ ... of IMta 10.. . . . . . ~ 1liI...,............
...-.""_ ... _ _..,11.-..-*"''"',,'''' ...... __ ..,... - ' 1 _ ...

_ . . it ..............
............ _ _ _ _ _ .. ..u,.. L............. ____
11'_.......,.,................ __•._
~
..................
. . . . ___
. . . . _wIIIob _ _
..... CIooto....-..
~~_wiIl--...auo.-_
u.. .... _"'r..... .........
_
. __..
........
• poDIM _ _
.l tIoo a..........oa rqOJ .. " " 1 - o,.r- ... --.. Ie _ _
_ _ \O UO' . . . . . . . . .
Ia.......,
..
~
\
I
I
4
I
i
I
'
-sw. MOl IW ""', bJ' <ilia _ ......, -IlIaC ot uo. .~ ... " ' - .
We Know
You should have had this issue last in this column) and are rather
month. We know. We're sorry. pleased with the results. We have all
Hut just because we avoided the ofthe advantages ofequal access
holiday rush (by not contributing to and direct overseas dialing without
it) doesn't mean that you'll be losing having an electronic or digital
out. Infact, we used the extra time switch. The extra time involved to
to further pursue the late breaking complete a call is negligible. And
MCI scandal (see page 10) as well touch tones are still free!
as a couple of other stories, includ The MCI story is the first result of
ing the latest on the famous virus. our new toy. As we scan out differ
We've been playing with our new ent companies and investigate them,
adjunctframe (mentioned last time more tales will unfold.
STAFFBOX
Editor-In-Chief
Emmanuel Goldstein
Office Manager Artwork

Bobby Arwatt Tish Valter Koch
Writers: Eric Corley, Thomas Covenant, John Drake, Mr. French,

The Glitch, Chester Holmes, Lex Luthor, Phantom Phreaker,
Bill from RNOC, David Ruderman, Lou Scannon, Silent Switchman,
Mike Yuhas, and the usual anonymous bunch.
2600 (ISSN 0749-3851) is published quarterly by 2600 Enlerprises Inc.. 7 Strong's Lane. Setauket.
NY 11733. Second class postage permit p,tnding at Setauket. New York
POSTMASTER: Send address changes to 2600, P,O. Box 752, Middle Island, NY 11953-0752.
Copyright (c) 1988. 2600 Enterprises, Inc.
Yearly subscription: U,S. and Canada" $15 individual, $40 corporate.
Overseas -- $25 individual, $55 corporate.
Back issues available for 1984. 1985. 1986, 1987 at $25 per year, $30 per year overseas.
ADDRESS ALL SUBSCRIPTION CORRESPONDENCE TO: 26M Subscription Dept., P.O.
Box 752, Middle Island, NY 11953-0752.
FOR LETTERS AND ARTICLE SUBMISSIONS, WRITE TO: 2600 Editorial Dept., P.O. Box
99. Middle Island, NY 11953-0099.

2(J)0 Office Line: 516-751-2600
BBS 1# I (OSUNY): 914-725 -4060 (down atthe moment)
BBS 112 (CENTRAL OFFICE): 914-234-3260
BBS 113 (YOYODYNE): 402-564-4518
BBS 114 (BEEHIVE): 703-823-6591
BBS #5 (HACKER'S DEN): 718-358-9209
USENET ADDRESS: 260<Xi!ldasysI.UUCP
ARPAKET ADDRESS: phri!dasys1 !26OO@nyu
Winter 1988-89 2600 Magazine Page 3

A Report on the
by Bob Page
worm opens a TCP connection to
University of Lowell
another machine's sendmail (the
Computer Science Depanment
SMTP port), invokes debug mode,
(Reprinted from the RISKS and sends a RCPT TO that
Newsletter, an electronic publica requests its data be piped through
tion available on many machines a shell. That data, a shell script
that are accessible by networks.) (first-stage bootstrap) creates a
temporary second-stage bootstrap
Here's the scoop on the file called x$$,11.c (where "$$" is
"Inte'rnet Worm". Actually it's not a the current process ID). This is a
virus a virus is a piece of code small (40-line) C program.
that adds itself to other programs, The first-stage bootstrap com
including operating systems. It piles this program with the local cc
cannot run independently, but and executes it with arguments
rather requires that its "host" pro giving the Internet hostid/
gram be run to activate it. As such, socket/password of where it just
it has a clear analogy to biological came from. The second-stage
viruses -- those viruses are not bootstrap (the compiled C pro
considered live, but they invade gram) sucks over two object files,
host cells and take them over, x$$,vax.o and x$$,sun3.0 from the
making them produce new viruses. attacking host. It has an array for
A worm is a program that can 20 file names (presumably for 20
run by itself and can propagate a different machines), but only two
fully working version of itself to (vax and sun) were compiled in to
other machines. As such, what this code. It then figures out
was set loose on the Internet was whether it's running under BSD or
clearly a worm. SunOS and links the appropriate
This data was collected through file against the C library to produce
an emergency mailing list set up an executable program called
by Gene Spafford at Purdue lusr/tmp/sh -- so it looks like the
University, for administrators of Bourne shell to anyone who
major Internet sites some of the looked there.
text is included verbatim from that The Fingerd Attack
list. In the fingerd attack, it tries to
The basic object of the worm is infiltrate systems via a bug in fin
to get a shell on another machine gerd, the finger daemon.
so it can reproduce further. There Apparently this is where most of its
are three ways it attacks: send success was (not in sendmail, as
mail, fingerd, and rsh/rexec. was originally reported). When fin
The Sendmail Attack gerd is connected to, it reads its
In the send mail attack, the arguments from a pipe, but doesn't
Page 4 2600 Magazine Winter 1988-89

Internet Worm
limit how much it reads. If it reads special "popular" passwords:

more than the internal 512-byte aaa, academia, aerobics, air
buffer allowed, it writes past the plane, albany, albatross, albert,
end of its stack. After the stack is a alex, alexander, algebra, aliases,
command to be executed alphabet, ama. amorphous, ana
("/usr/ucb/finger") that actually log, anchor, andromache, ani
does the work. On a VAX, the mals, answer, anthropogenic,
worm knew how much further from anvils, anything, aria, ariadne,
the stack it had to clobber to get to arrow, arthur, athena, atmo
this comr;nand, ____________ sphere, aztecs,
which it replaced " . . azure.
with the command It lS pretty successful in bacchus, bailey,
"/bin/sh" (the finding passwords, as most banana, bananas,
bourne shell). So people don't choose them bandit, banks, bar

inslead of the fin- very well." ber, baritone, bass,
ger command
being executed, a------------beater,
shell was started with no argu beethoven. beloved, benz,
bassoon, batman,
beauty,
menls. Since this is run in the con beowulf, berkeley, berliner, beryl,
text of the finger daemon, stdin beverly, bicameral, bob, brenda,
and stdout are connected to the brian, bridget, broadway, bum
network socket, and all the files bling, burgess.
were sucked over just like the shell campanile, cantor, cardinal,
that sendmail provided. carmen, carolina, caroline, cas
The RSH/REXEC Attack cades, castle, cat, cayuga, cellics,
The third way it tried to get into cerulean, change, charles, charm
systems was via the .rhosts and ing, charon, chester, cigar, clas
letclhosts.equiv files to determine sic, clusters, coffee, coke, collins,
"'rusted" hosts where it might be comrades, computer, condo,
able to migrate to. To use the cookie, cooper, cornelius, cous
.rhosls feature, it needed to actual- cous, creation, creosote, cretin.
Iy get into people's accounts - daemon, dancer, daniel,
siQce the worm was not running as danny, dave, december, defoe,
root (it was running as daemon) it deluge, desperate, develop,
had to figure out people's pass dieter, digital, discovery, disney,
words. To do this, it went through dog, drought, duncan.
the letc/passwd file, trying to eager, eaSier, edges, edin
guess passwords. It tried combina burgh, edwin, edwina, egghead,
lions of- the username, the last, eiderdown, eileen, einstein, ele
first, last and first, nicknames (from phant, elizabeth, ellen, emerald,
the GECOS field), and a list of engine, engineer, enterprise,
Wimer 1988-89 2600 Magazine Page 5

The Virus
enzyme, ersatz, establish, estate, outlaw. oxford.

euclid, evelyn, extension. pacific, painless, pakistan,
fairway, felicia, fender, fermat, pam, papers, password. patriCia,
fidelity, finite, fishers, flakes, float, penguin, peoria, percolate, per
flower, flowers, foolproof, football, Simmon, persona, pete, peter,
foresight, format, forsythe, fourier, philip, phoenix, pierre, pizza,
fred, friend, frighten, fun, fungible. plover, plymouth, polynomial,
gabriel, gardner, garfield, pondering, pork, poster, praise,
gauss, george, gertrude, ginger, precious, prelude, prince, prince
glaci,er, gnu, golfer, gorgeous, ton, protect, protozoa, pumpkin,
gorges, gosling, gouge, graham, puneet, puppet.
gryphon, guest, guitar, gumption, rabbit, rachmaninoff, rainbow,
guntis, raindrop, raleigh, random, rascal,
hacker, hamlet, handily, hap really, rebecca, remote, rick, rip
pening, harmony, harold, harvey, ple, robotics, rochester, rolex,
hebrides, heinlein, hello, help, romano, ronald, rosebud, rose
herbert, hiawatha, hibernia, mary, roses, ruben, rules, ruth.
honey, horse, horus, hutchins. sal, saxon, scamper, scheme,
imbroglio, imperial, include, scott, scotty, secret, sensor,
ingres, inna, innocuous, irishman, serenity, sharks, sharon,
isis. sheffield, sheldon, shiva, shivers,
japan, jessica, jester, jixian, shuttle, Signature, Simon, simple,
johnny, joseph, joshua, judith, jug singer, single, smile, smiles,
gle, julia. smOOCh, smother, snatch,
kathleen, kermit, kernel, kirk snoopy, soap, socrates, sossina,
land, knight. sparrows, spit, spring, springer,
ladle, lambda, lamination, squires, strangle, stratford,
larkin, larry, lazarus, lebesgue, stuttgal1, subway, success, sum
lee, leland, leroy, lewis, light, lisa, mer, super, superstage, support,
louis, lynne. supported, surfer, suzanne,
macintosh, mack, maggot, swearer, symmetry.
magic, malcolm, mark, markus, tangerine, tape, target, tar
marty, marvin, master, maurice, ragon, taylor, telephone, tempta
mel/on, merlin, mets, michael, tion, thailand, tiger, toggle,
michelle, mike, minimum, minsky, tomato, topography, tortOise, toy
moguls, moose, morley, mozart. ota, trails, trivial, trombone, tubas,
nancy, napoleon, nepenthe, tuttle.
ness, network, newton. next, nox umesh, unhappy, unicorn,
ious, nutrition, nyquist. unknown, urchin, utility.
oceanography. ocelot, olivetti. vasant, vertigo, vicky, village,
olivia, oracle. orca, orwell, osiris. virginia.
Page 6 2600 Magazine Winter 1988·89

We Were All Waiting For
warren, water, weenie, what the parent keeps on trying new

not, whiting, whitney, will, william, hosts.
williamsburg, willie, winston, wis One of the things it does before
consin, wizard, wombat. wood it attacks a host is connect to the
wind, wormwood. telnet port and immediately close
yaco, yang, yellowstone, it. Thus, "telnetd: ttloop: peer died"
yosemite. in lusr/admlmessages means the
zap, zimmerman. worm attempted an attack.
[I wouldn't have picked some of The worm's role in life is to
these as "popular" passwords, but reproduce .- nothing more. To do
then again, I'm not a worm writer. that it needs to find other hosts. It
What do I kn0w?] does a "netslat -r -n" to find local
When everything else fails, it routes to other hosts & networks,
opens lusr/dict/words and tries looks in letc/hosts, and uses the
every word in the dictionary. It is yellow pages distributed hosts file
pretty successful in finding pass· if it's available. Any time it finds a
words, as most people don't host, it tries to infect it through one
choose them very well. Once it of the three above methods. Once
gets into someone's account, it it finds a iocal network (like
looks for a .rhosts file and does an 129.63.nn.nn for ulowell) it
"rsh" and/or "rexec" to another sequentially tries every address in
host, sucks over the necessary that range.
files into lusr/tmp and runs If the system crashes or is
lusr/tmp/sh to start all over again. rebooted, most system boot proce
Between these three methods dures clear Itmp and lusrltmp as a
of attack (sendmail, fingerd, matter of course, erasing any evi
.rhosts), it was able to spread very dence. However, sendmaillog files
quickly. show mail coming in from user
The Worm Itself Idev/null for user Ibin/sed, which is
The "sh" program is the actual a tipoff that the worm entered.
worm. When it starts up it clobbers Each time the worm is started,
its argv array so a "ps" will not there is a 1/15 chance (it calls ran
show its name. It opens all its nec domO) that it sends a single byte
essary files, then unlinks (deletes) to ernie.berkeley.edu on some
them so they can't be found (since magic port, apparently to act as
it has them open, however, it can some kind of monitoring mecha
still access the contents). It then nism.
tries to infect as many other hosts The Crackdown
as possible .- when it successfully Three main 'swat' teams from
connects to one host, it forks a Berkeley, MIT, and Purdue found
child to continue the infection while copies of the VAX code (the .0
Winter /988-89 2600 Magazine Page 7

Chaos in the
files had all the symbols intact with Anyone who looks at the binary
somewhat meaningful names) and will not see any embedded strings
disassembled it into about 3000 - they are XOR'ed with 81 (hex).
lines of C. The BSD development That's how the shell commands
team poked fun at the code, even are imbedded. The "obvious"
going so far to point out bUgs in passwords are stored with their
the code and supplying source high bit set.
patches for it! They have not Although it spreads very fast, it
released the actual source code, is somewhat slowed down by the
howev.er, and refuse to do so. That fact that it drives the load average
could change -- there are a num up on the machine -- this is due to
ber of people who want to see the all the encryptions going on, and
code. the large number of incoming
Portions of the code appear worms from other machines.
incomplete, as if the program [Initially, the fastest defense
development was not yet finished. against the worm is to create a
For example, it knows the offset directory called lusr/tmp/sh. The
needed to break the BSD fingerd, script that creates lusrltmp/sh from
but doesn't know the correct offset one of the .0 files checks to see if
for Sun's fingerd (which causes it lusr/tmplsh exists. but not to see if
to dump core); it also doesn't it's a directory. This fix is known as
erase its tracks as cleverly as it "the condom".]
might; and so on. Now What?
The worm uses a variable None of the ULoweli machines
called "pleasequit" but doesn't cor were hit by the worm. When BBN
rectly initialize it, so some folks staffers found their systems infect
added a module called _worm.o to ed, they cut themselves off from all
the C library, which is produced other hosts. Since our connection
from: int pleasequit :::; -1; the fact to the Internet is through BBN, we
that this value is set to -1 will were cut off as well. Before we
cause it to exit after one iteration. were cut off, I received mail about
The close scrutiny of the code the sendmail problem and installed
also turned up comments on the a patch to disable the feature the
programmer's style. Verbatim from worm uses to get in through send
someone at MIT: "From disassem mail. I had made local modifica
bling the code, it looks like the pro tions to fingerd which changed the
grammer is really anally retentive offsets, so any attempt to scribble
about checking return codes, and, over the stack would probably
in addition, prefers to use array have ended up in a core dump.
indexing instead of pointers to Most Internet systems running
walk through arrays." 4.3BSD or SunOS have installed

computer Networks
possible that the bytes sent to

the necessary patches to close the ernie.berkeley.edu were intended
holes and have rejoined the to monitor the spread of the worm.
Internet. As you would expect, Some news reports mentioned
there is a renewed interest in sys that he panicked when, via some
tem/network security, finding and "monitoring mechanism" he saw
plugging holes. and speculation how fast it had propagated.
over what will happen to the A source inside DEC reports
worm's creator. that although the worm didn't
If you haven't read or watched make much progress there, it was
the news, various log files have sighted on several machines that
named the responsible person as wouldn't be on its normal propaga
Robert Morris Jr., a 23-year old tion path, Le. not gateways and
doctoral student at Cornell. His not on the same subnet. These
father is head of the National machines are not reachable from
Computer Security Center, the the outside. Morris was a summer
NSA's public effort in computer intern at DEC in '87. He might
security, and has lectured widely have included names or address
on security aspects of UNIX. es he remembered as targets for
AssOCiates of the student claim infesting hidden internal networks. .
the worm was a "mistake" -- that Most of the DEC machines in
he intended to unleash it but it was question belong to the group he
not supposed to move so quickly worked in.
or spread so much. His goal (from The final word has not been
what I understand) was to have a written -- I don't think the FBI has
program "live" within the Internet. If even met with this guy yet. It will
the reports that he intended it to be interesting to see what hap
. spread slowly are true, then it's pens.
DO YOU HAV£ A fULL SET
OF 2600 BACK ISSUES?
They're available at a rate of $25 per year ordered. Back issues
start with t 984 and indude every issue up to the present.
(1988 issues are still available at $5 each. All others are sold
ONLY by year.) Send your order to:
2600 Back Issues
POBox 752
Middle Island. NY t 1953

MCI: The Phone Company With
It all started with what sounded like a Perhaps MCI feels they're taking a cal
friendly phone call in October: culated risk here. They only seem to make
"Hello, this is Patricia from MCL We these calls to people who already USE!' MCI
noticed that you presently have an account in some form. Maybe they feel these peo
with MCI and we wanted to let you !mow ple won't raise a fuss when they discover
that we'll be offering 'one plus' service in who their long distance company is. In
your area starting December 10th. We'd fact, they may never even discover that
like to verify your address." MCI is their carrier since they most likely
The nice lady then read us our address, have been getting MCI bills in the past.
which was one hundred percent correct. Remember, these are people who have
She then said another person would call us already been using MCl's services.
to confirm this information. That call Regardless of whether or not it pays
came within minutes and was almost iden off. it's distressirig to see such dishonest
tical in content. tactics on the part of a major company.
A couple of weeks later we got another This isn't our only gripe with MCI. We
one of those calls on another of our lines had been using an account on MCfs 950
that had an MCI account attached to it. 1986 dialup. In November we paid the bill
But this time the second call never came. a few days late (it was under $10). Well,
In early December, equal access came 10 and behold. they disconnected our code
to our phone lines. We decided to check without any warning. When we asked
the status of those two lines that had got them to reconnect it, they said they would
ten the calls, We dialed 1-700-555-4141. have to handle our payment for 10 days
And guess what? They had both been first. Ten days went by and the code was
claimed by MCL Surprised? We weren't. still down. We asked again. This time.
In fact, when those cal1s come in, we they said they were phasing out that ser
expected them to try and pull this scam vice, so they couldn't reconnect us. But
we'd heard so much about. They made one they came up with a bright idea. We could
big mistake though -- they tried it on us. use our 14-digit MCI Card code instead of
We always listen very carefully when our old 5-digit code. "It's just as easy to
phone companies call us, And we can say remember," they said.
very definitely that MCI never asked us if Clearly, they have the right to phase
we wanted to choose them as our long dis out their services and replace them with
tance carrier. All they asked us to do was less desirable ones. But once again. it's the
to verify our address. way in which they did it. MCI jumped at
OK, so it was a sloppy representative. the first opportuniry to take away our old
Maybe even a corrupt one. How can you code instead of being up front and letting
condemn an entire company because of their customers know that as of a certain
the actions of one person? That's quite date this service would be terminated.
easy, It happened more than once. Being sneaky about it doesn't do anyone
Different representatives called diffe;enl any good.
phone numbers and gave the same little The Real Scam
speech, And we've found out that other We've saved the best for last. When we
people have gotten the same treatment. discovered that MCI had selected them
This indicates to us that these representa selves as our long distance carriers, we
tives are reading a script that tells them decided to experiment a little. One of our
no/ to a')k the customer whether they actu experiments involved trying to make an
ally wan.1 Mel's "one plus" service. operator assisted call ("zero plus") on an
Address verification. aftel al1. is a much MCI line. MCI doesn't offer operator
less controversial issue, assisted services. So we were curious as to

A Lot of Explaining To Do
what would happen when we tried to do know that your friend selected MCI as his
this. long distance carrier and that you've just
What happened was a big surprise. We been swindled by an AOS? Perhaps MCl's
gOl the same little fading dial tone that we new slogan can be: "We bring the thrill of
got on AT&T ~~ in other words, the hotel phones right into your own home!"
prompt to enter our AT&T calling card Now we should point out that this
number. We entered the card number and "NTS Connection" doesn't work every
were astounded to hear a recording say, where. In some areas you get recordings
"Thank you for using NTS." when you try to make "zero plus" calls
NTS? Who the hell were they?' And using Mel. We need to know where it
what were they doing accepting AT&T does work. You can find out at no charge
calling card numbers on Mel lines'! by dialing 10222~0 followed by a ten digit
We'll skip all of the drama and simply phone number (you can use your own). If
tell you what we found out. NTS is an you hear a fading dial tone, it means
Allcmate Operator Service (AOS) compa you're about to be connected to NTS. You
ny. They handle calls from hotel rooms can stay on and ask a whole lot of ques
and privately owned payphones. Their tions if you want. Let us know if it works
rates are often double those of AT&T. in your area. (You can do the above even
And it seems that in various parts of the if MCI isn't your primary carrier the
country, MCI has a clandestine relation 10222 routes the call to MCI. You must
ship with these people. We say clandestine have equal access in your area in order to
because we're in the habit of reading all of try this.)
the literature from every phone company There's really not much more to add.
that serves our area. And nowhere has this We are demanding a public statement
lillie "service" been mentioned. We have from Mel addressing the issues of signing
yet to find anyone in MCI who is even up unsuspecting consumers and billing
aware of this arrangement. On the other their own customers exorbitant rates for
hand, NTS (based in Rockville, Maryland) operator-assisted calls without telling
is quite proud of the Mel connection. All them. We don't expect to ever get such a
of the NTS operators (who can trick any statement.
one into believing they're really from Several yeats ago, we printed a story
AT&T) are aware that they provide ser about MCl's electronic mail system. Mel
vice for MCI "zero plus" customers. Mail, which had a policy of terminating
Why does Mel use an AOS? We can't accounts that had received mail not to
imagine. But we can tell you the effects. If MCl's liking. We called it a flagrant inva
you decide to call someone collect from sion of privacy to peruse the mail of their
YOUT phone and Mel happens to be your own paying subscribers. The president of
long distance carrier, the person who Mel indicated that he couldn't care less.
accepts on the other end will wind up with So all we can say right now is that it
one hell of a surprise when they get the would be a very good idea to boycott
bIll. You'1I be the one getting the surprise Mel for all of the above reasons. A com
if you forget that MCI doesn't have opera pany that resorts to such devious methods
tors ,md you attempt to place an operator of making money and that treats its cus
assisted or calling card call through them. tomers so shabbily is not worthy of the
The most likely scenario, though. would historical significance its founders
be something like this: you visit a friend achieved.
and need to make a phone call from his We would appreciate it if this article
hOllse. Since you don't want to make your was spread around in whatever ways pos
friend pay, you dial it "zero plus" and bill sible.
it \0 your calling c!lld. How are you to
A HACKER'S GUIDE
by Red Knight get in.

Phreakers/Hackers Underground No more log ins . will happen when
Network the system won't accept any more
Brief History of UNIX log ins. This could mean the system is
It's because of Ken Tompson that going down,
today we're able to hack UNIX. He Unknown 10 - will happen if an invalid
used to work for Bell Labs in the 60's. 10 is entered using the (su) command.
Tompson started out using the Your password has expired - This is
MULTICS as. It was later eliminated quite rare. Reading the etclpasswd will
and Tompson was left without an show you at what intervals it changes.
operating system to work with. He had You may not change the password
to come up with something really The password has not yet aged
quick. He did some research and in enough. The administrator sets the
1969 UNIX came into being. It was a quotas for the users.
single user system and it didn't have Unknown group [group's name]
many capabilities. In a combined effort occurs when chgrp is executed and
with others he rewrote the version in C the group doesn't exist.
and added some good features. This Sorry· indicates that you have typed
version came out in 1973 and was in an invalid super user password
made available to the public. This was (execution of the su).
the beginning of UNIX as it's presently Permission denied! - indicates you
k.nown. The more refined version of must be the owner or a super user to
UNIX is known as UNIX system V. It change the password.
Nas developed by Berkeley University Sorry [t of weeks] since last
and it has unique capabilities. change· this will happen when the
Various types of UNIXes are CPIX, password has not aged enough and
Berkeley Ver 4.1. Berkeley 4.2, FOS, you try to change it.
Genix, HP-UX, ISII, OSx, PC· IX, [directory name]: no permission
PERPOS, Sys3, Ultrix, Xenix, you are trying to remove a directory for
UNITY, VENIX, UTS, Unisys, which you have no permission.
Uniplus+. UNOS, IdflS, QNIX, [file name] not removed - trying to
Coherent, CromlX, System III. System delete a file owned by another user
7. sixth edition. that you don't have write permission
Hacking UNIX for,
I beheve that hacking into any com· [dirname] not removed· ownership
puter requires knowledge of the oper of the dir that you're trying to delete is
ating system itself. Basically what I will not yours.
try to do is get you to be more familiar [dlrname] not empty - the directory
with UNIX operation and its useful contains files so you must delete the
commands, files before executing the rmdir.
Error Messages (UNIX system V) [command] not found - you have
Login incorrect - an invalid 10 and/or entered an invalid command which is
password was entered. This means not known to UNIX.
very little. In UNIX there is no way of can't execute pwd - something's
gueSSing valid user 10's. You may wrong with the system and it can't exe·
come across this one when trying to cute the pwd command.
"age 12 2600 Magazine Winter /988-89

TO UNIX
cannot chdlr to " - (.. means one

edcasey, and also some containing
level up) permission is required to exe numbers: smith1, mitu6, and some
cute pwd above the current directory.
containing special characters like bre
can't open [file name] you defined
mer$, j#fox. Login names have to be 3
the wrong path or file name or you
to 8 characters in length, lowercase,
have no read permission.
and must start with a letter. In some
cp: [file name] and [file name) are
XENIX systems one may login as
identical - self-explanatory.
"guest".
cannot locate parent directory,
User Level Accounts
occurs when using mv.
In UNIX they have what are called
[file name] not found file which
accounts. These accounts can be
you're trying to move doesn't exist.
used at the ~Iogin:~ prompt. Here is a
You have mall - self-explanatory.
list:
Error Messages sys
(Basic Networking Utility) bin
cu: not found networking not trouble
installed. daemon
login failed - invalid 10 or password or uucp
wrong number specified. nuucp
dial failed - the system never rje
answered due to a wrong number. Ip
uucp completely failed did not adm
specify file after -so listen - if starlan is installed
wrong time to call - you called at a
time not specified in the systems file.
system not in systems, you called a "Super user accounts
remote not in the systems file.

UNIX Logon Format make UNIX worth
The first thing you must do is switch

to lower case. hacking. "
Here is what you will see (some

times there will be no system identifi
er).
AT&T UNIX Sys VR3.0 (example of a Super User Accounts

system identifier) And then there are super user
accounts which make UNIX worth
login: hacking. These accounts are used for
or a specific job. In large systems they
Login: are assigned to users who have a
responsibility to maintain subsystems.
Any of these is a UNIX. This is They are as follows (all lower case):
where you will have to guess at a valid root - this is a must. The system
user 10. Here are some that I have comes configured with it. It has no
come across: glr, glt, radgo, rml. restrictions. It has power over every
chester, cat, 10m. cora. hlto, hwill,

HACKING AWAY
other account.
The letters can be in upper case or
unmountsys . unmounts files.
lower case. Here are some of the
setup. system setup.
passwords that 1 have seen: Ansuya1,
makefsys . makes a new file.
PlATOON6, uFo/7B, ShAsHi .. ,
sysadm . allows useful commands
Div417co.
(doesn't need root login).
The passwords for the super user
powerdown . powering system down.
accounts will be difficult to hack. You
mountfsys . mounts files.
can try th'e accounts interchangeably
checkfsys . checks files.
(example: login:sysadm password:
Thes.e accounts will definitely have makefsys). It really could be anything.
passwords assigned to them. These The user passwords are changed by
accounts are also commands used by an aging process at successive inter·
the system administrator. Here are vals. The users are forced to change
some examples of accounts I have it. The super user will pick a password
seen' that won't need changing for a long
cron
period of time.
uuhelp
You Have Made It!
usenet
The hard part is over and hopefully
anonuccp
you have hacked a super-user
news
account. The next thing you'll probably
network
see is the system news:
bellboy
Ip
login:john
vector
password:hacker1
guest
System news
games
There wilt be no networking offered
ninja
to the users till August 15, due to
vote
hardware problems.
warble
sysinfo
$
Password Entry $ is the UNIX prompt which means

After the login prompt you will that UNIX is waiting for a command to
receive a password prompt: be entered. I will use this throughout
the article to show outputs, etc. (it's
password:
not a part of the command). # means
or
you're logged in as root (very good).
Password:
How UNIX is Made Up
UNIX is made up of three compo
Enter the password (it won't echo). nents: the shell, the kernal, and the file
The password rule is as follows: each system.
password has to contain at least six The Shell
characters. The maximum is eight. The sheH is a high level language.
Two of these have to be letters and at It has two important uses. It acts as a
least one has to be a number or a spe· command interpreter. For instance,
cial character. when using commands like cat, who,

ON UNIX
Is, etc., the shell is at work figuring out ular user (this directory contains the
whether you have entered a command Ipasswd file).
correctly or not. The second most Here are some files under the letc
important reason for the shell is its directory:
ability to be used as programming lan letclpasswd
guage. Suppose you're performing letclutmp
some tasks repeatedly over and over letcladm/sulog
again. You can program the shell to do letclmotd
this for you. letclgroup
The Kernal letclconf
You could say that the kernal is the letclprofile

heart of the UNIX operating system.
The kernal is a low level language Idev - contains files for physical
lower than the shell which maintains devices such as the printer and the
processes. The kernal handles memo disk drives.
ry usage. maintains the file system,
the software, and hardware devices. Itmp - temporary file directory.
The File System
The file system in UNIX is divided /lib - directory that contains programs
into three categories: directories. ordi for high level languages.
nary files. and special files. (d,-)
SEE FIGURE A. lusr - this directory contains directo
ries for each user on the system.
lunix - is the kernal Example of a list of files under lusr:
lusrltmp
letc - contains system administrator's lusrllib
files. Most are not available to the reg lusr/docs
Basic s!ructure
(I) • this IS an abbreviation for the root directory.

root level root
(/) system
....................................+.................................level
I I I I I I I I
IUniX liHC Idev Itmp Ilib lusr lusr2 Ibin
I __L .._
10gll1 passwd I I I
level /john Icathy
-1-'
,profile {mail
I
lpers Igames fbin
I
I I
fmichelle
_l_ _
·.profile in case I _L I
you wish to change capital I I data I I
, your environment. othello stalWars letter lelter1
Afler you log off, il
resets to the default.
FIGURE ill.

HACKER'S GUIDE
lusrlnews lusr/john • assuming that you have

lusrlspool
hacked into John's account.
lusr Ispooi/ip
$
fusr/lib/uucp
Now let's say you wanted to move

!bin - contains executable programs down to the michelle directory (you
(commands) own this) which contains letters. You
would type in:
The root also contains: $cd michelle
Ibck - used to mount a backup file or
system. $ cd usr/john/michelle
linstall - used to install and remove $pwd
utilities. lusr/john/mlchelle
Ilost+found this is where all the $
removed files go. This dir is used by To go back one directory. type in:
fsck (1M), $cd •.
Isave - a utility used to save data. or to go back to your parent directo
Imnt - used for temporary mounting. ry, just type in ·cd".
To list file directories. assuming you
local Commands are in the parent directory:
Explained in Detail $Is lusr/john
At the UNIX prompt, type the pwd mall
command. It will show you the current pers
working directory you are in. games
bin
$pwd michelle
lusr/admin - assuming that you have This won't give you the .profile file.
hacked into a super user account. To view it type:
$ $cd
$Is -a
This gives you the full login directo
ry. The I before tells you the location
of the root directory, .profile
or
To list file names in michelle's
(refer to the diagram above)
directory type in:
$pwd
$ Is michelle (that is, if you're in the
$15 -I
total 60
·rwxr-x.. - 5 John bluebox 10 april 9 7:04 mail
drwx...... 7 joM bluebox 30 april 2 4:09 pers
-rwxr-.-" 6 cathy bluebox 13 april 1 13:00 pariys
$
FIGURE B
Page /6 2600 Magazine Winter 1988-89

TO UNIX
"john" directory) permission, means remove permis

$ Is lusrJjohn/michelle (parent direc sion, = means assign. Example: if you
tory) wanted all other users to read the file
named mail, you would type:
Is -I $ chmod o+r mall
The Is -I is an an important com
mand in UNIX. This command dis cat
plays the whole directory in long Now suppose you wanted to read
format. Run this in the parent directo the file letter. There are two ways of
ry. doing this_ First, go to the michelle
SEE FIGURE B. directory. Then type in:
The total 60 tells you the amount of $ cat letter
disk space used in a directory. The line one •••\
rWXr-X--- is read in triples of three. The line two •..the output of letter
first character (-,d,b,c) means the fol line three ••J
lowing: - is an ordinary file, d is a $
directory. b is a block file, c is a char or if you are in the parent directory,
acter file. type in:
The r stands for read permission, w $ cat lusrJjohn/mlchelie/letter
for write permission, x for execute. and you will have the same output
The first column is read in three triples Some cat options are: Os, -u, -v, -e, -t.
as stated above. The first group of Special Characters In UNIX
three (in -rwxr-x---) after the "-" * - matches any number of single char
specifies the permission for the owner acters. (Example: Is john' will list all
of the file, the second triple is for the files that begin with john.)
groups (the fourth column), and the [.••J . matches anyone of the charac
last triple indicates the permissions for ters in the [ ].
all other users. Therefore the -rwxr-x-- ? - matches any single character.
is read as follows: the owner john has & - runs a process in the background
permission to read, write, and execute leaving your terminal free.
anything in the bin directory but the $ - values used for variables also $n •
group has no write permission to it and null argument.
the rest of the users have no permis > - redirects output.
sion at a·11. The format of one of the < - redirects input to come from a file.
lines in the above output is as follows: » - redirects command to be added
file type/permissions, links, user's to the end of a file.
name, group, bytes taken, date, time I - pipe output (Example: wholwc-I tells
when last renewed, directory or fiie us how many users are online).
name.
chmod
The chmod command changes per
mission of a directory or a file. Format passwd
is chmod who(+, -, =)(r, w, x). The who Password changing seems to be a
is substituted by u-user, g-group, 0 big thing among some. To change the
other users, a-all. The + means add password, one would use the "pass
(continued on page 40)
GALL DEPT.
CI
Cl
'"
o
-
a.
'"'"
...I
...<'t
o
.
....
III
......
III
;..:~
CI""
.o~
E .
'" '"
z~
'§t.
8g~
u u '"
<00.
~
o
~
Z
CIt
U
C
III
iii
'iii
:l...
- o
f
CIt
Q.
o
IT TOOK i\ LOT OF GALL for someone to call us collect and somehow convince
an untrained operator that we had accepted the charges and then apparently talk to
our answering machine for seven minutes. It also takes a lot of gall for an Alternate
Operator Service company like the above to charge the astronomical rates they do,
let alone come up with an official sounding name like "Operator Assistance
Network". When we first saw that line on the phone bill, we thought it was some
kind of tax or surcharge. That's why we decided to expend a little gall of our own
and expose the entire sordid affair, phone numbers and all.
Page 18 260() Magazine Winter 1988-89

how to hear phone ca 11 s
You too can be nosy and lis phone base channels are locat
ten in to other people's tele ed.
phone calls with a radio Standard UHF/VHF Scanner:
receiver. Depending on what You can pick up cordless
kind of radio(s) you have. here phones in your immediate
are the things you can pull in: viCinity. IMTS (old style car
Short Wave Radio: You need a phones) in your general area.
general coverage receiver that and airplane phones flying
is capable of receiving in single overhead. For the base sta
sideband mode (SSB) or has a tions. you'll usually hear both
BFO mode. Your antenna can sides of the conversation,
either be the whip antenna on although sometimes the mobUe
the radio or a long piece of caller won't be audible and
wire, ten to fifty feet. running you'll just have to imagine
around your home or better what they're saying. Use either
yet. outside to a tree or pole. the whip antenna on your
You will be able to tune ship to scanner or buy an outdoor
shore telephone calls within scanner antenna. These fre
the following frequency bands quencies are listed in mega
(all numbers in kilohertz): hertz:
4357-4434. Cordless phones
6506-6521. 46.610 to 46.970
8718-8812. IMTS car phones
13100-13197, 152.510 to 152.810
17232-17356. (base stations)
22596-22716. Airplane phones
These frequencies are the 454.025 to 455.000
shore station. which usually (land stations)
broadcasts both sides of the 459.025 to 460.000
conversation. TransmIssions (airplanes)
are in upper sideband (USB) The ECPA bans listening to
mode. Conversations may roll car telephones. Cordless and
in from all over the world. airplane phones are governed
especially at night. and will be by section 605 of the
in many different languages. Communications Act of 1934,
Some shortwave receivers which says you can listen all
can tune all the way down to you want as long as you do not
the AM band. If yours does, divulge the information to any
check 1690 to 1770 kilohertz, one else or use it for profit.
where the old cordless tele 800 Mhz Scanner: Newer

phone ca 11 s are
scanners cover all of the above As mentioned before, the

mentioned scanner frequencies unenforceable ECPA bans lis
as well as the 800 Mhz cellular tening to cellular telephones.
telephones (provided the man Old Television Set: Some of
ufacturer hasn't locked out the the frequency space for cellular
capability). Note that cellular telephones used to be UHF 'IV
telephones are of a wider band channels 79 through 83. That's
width than most other scanner why newer 'IV sets have less
signals, and the average scan UHF channels. If you don't
ner may lose the peaks of some have an 800 Mhz scanner yet.
words, especially a high make sure there's an antenna
pitched women's voice or a per attached (either the UHF loop
son screaming. For an or the UHF lead-in from an
antenna, start with the whip outdoor antenna). and try tun
antenna on the scanner: slide ing across those channels. A
it in all the way so that it is as continuous tuning knob will
short as possible (800 Mhz is a work better than the click stop
small wavelength. so shorter kind. Cellular telephone calls
antennas are called forl. on your 'IV set could be consid
Experiment also with angling ered unwanted Interference.
the whip for better reception. but the law mandates that you
Or purchase an outdoor anten tum your TV set off as soon as
na that is tuned for 800 Mhz. you realize that you are receiv
Or purchase a car cellular ing protected communications.
antenna and mount it outside Standard AM Radio: Haven't
your window (or on your rooD. got any fancy radio equipment
870.000 to 890.000
and don't want to buy any? If
(base stations (cells) for the
your neighbors are using the
standard cellular system.)
older models of cordless
890.000 to 896.000 phones, you might be able to
(base stations for the extended pick up the base channel at the
cellular channels. Not in far end of the AM dial (past
widespread use yet.) 1600).
Palle 20 2600 Mallazine Winter 1988·89

In the air
WHAT MIGHT YOU HEAR ON A CAR < Kids are great, Bill.
PHONE? WE'RE NOT SAYING THAT > You got 'em a iob yet?
ANYONE ACTUAllY USTENS TO THIS < What?
STUFF AND THEN WRIrES Ir DOWN > You got 'em a iob yet?
FOR MAGAZINE ARTICLES, BUT I F

THEY DID, IT MIGHT LOOK LIKE > I feel bad for me. I feel bad
THIS •••• for both of us. My heart
hurts too. I love you.
> Ithink that•••the part of the < Who loves you?
problem is that they got - > (osculating noises) I would
they got a buyer for, for kiss it if I could kiss your
Kent. We'll ius' make it back heart.
in the commission for Kent. < (giggle)
Now you understand that? > It was beating like a little
< Who'll iust make it back? thumper before.
> Huh? < Really?
<Who? > (more osculating noises)
> Jerry, Larry, and you. < God....

> A nice !iffle orgy.
> What do you do with 0 < Umm, I know. God you
group like that? You know. I feel great down there
meon what, I mean what, tonight.
what do you with somebody > Yeah I had it in, I was
like the deal? holding it differently.
< I don't know whot you do < Oh. Felt wonderful.
anymore. I mean, the music > Did you notice that?
is changing so radically it's < Yeah. I told you it felt
hord to keep up. great, whatever it was you
> Yeah. were doing.
< It's hard to find out what to > Uh huh.
do it anyway. < I could tell it was diHerent,
> Yeah. but I don't know what it,
< You know? you're doing.
> Yeah. Yup. How's the kids? > Yeah. It was definitely dif
< How're the kids? ferent•••• (pause) Want me to
> Yeah. tell you what I did?

do not at tem pt
< Sure.
> Okay, then you know
> I like squished it with my
what I'm talking about.
left hand. And I iust left a
< Of course I know, but you
space open for that leeeetle
know, you're looking at it
clitoris to stick out.
like through a microscope••••
< You were squishing it?
> No••..
Cause it felt like you were
< And you're going to say it's
pulling it apart?
entirely different but if you
> Well, at the same time I

stand back and say "Hey••••"
was, had the two fingers

> Alright, watch what hap·
pulling it apart but the bot·

pens with this one••••
tom of my hand, was like,

< Well, I think we could do
squashing it in.
well with it, but it really is
< Uh, well, that felt great.

basically the same concept.
(pause) Oh. God I was

> I don't think so, not at all.
horny.
< You don't think it's the
> You're horny now?

same concept?
< No, I was horny.

> No, nope.
> Oh.
< Noh, then you're losing it.
> No I think they're all ••
< Which one••
> No, the one we run last

> •• and when can you give
year was our art deco.

me an answer?
< Yeah?
< Right.
> This is totally different.

> And it was very nice. But
We're nof talking about the

you can't, I mean she was on
same one. The one - the phone with Brian this
< Totally different is the dif

morning, and, and suddenly
ference between an eagle

it was, it was the money
and an automobile. they're

thing. And I got on the ••
totally different.
< What's the money thing?
> It's not.

> You know, and I got on the
< Sheesh. You're talking

phone with him and I said
about a yoke treatment that

Brian, just, you know, come
comes down like a V, one is

over here and look!
ort deco, one is floral ••••

< But you could take almost

this at home
everything. routines they want, construc
> I know. tie»n's slowing down right
< You know -- it's also both now.
ering you in the background. > I know.
> No. < And if they want -- you
< Oh yeah. know, uh.... Lexington
> Not with Brian. Avenue -

< Brian, he knows Brian all > I know.
so well. < And Bergen Avenue.
> Yeah, but Brian and he did > I know.
not get along very well. < And Old Bergen Avenue.
< Yeah, but Bobby seems

has been to his head, you
>. know.
< Uh, ., they iust gotta
know, 'Be careful, you're understand, uh you know, I
gonna get screwed.' mean • goHa, what I goHa
> yeah•••• do is start going out there
< You know, you know, uh more to see him then.
yo know you hear it from, > Uh huh.
you know, either I get < And, you know, doing my
screwed or you're gonna routine and say I know how
get - to do very well with that.
> Oh, I know, I know, but > Right, exactly.
you know on the other hand < They would give me a
after you talk to him for a fucking break, we have
few minutes he's coming some closings, we'll pay you,
over at one o'clock to you know we're right
work••• ~ Howard? around that time, we're clos
< No bullshit about it. ing, you iust gOHa wait a lit
> Yeah, but, uh, you know I tle while.
mean they see, they see a lot > That's right, that's right.
of work going on down it's THIs IS fHE FIRST IN AN OCCASION
going to change people's AL salES ON POSSI81E CONVERSA

aHitudes. TIONS THAT ANYONE COULD
< You know he -- if he wants OVERHEAR. IF THIS HAD 8EEN A N
to ierk -- you know, you ACTUAL CONVERSAnON, LOOKING
know he could play all the AT fHlS ARnell WOULD 8E IWGAL.

Letters For
Some Ideas alias within a given limit. say.

an area code. The person could
Dear 2600: get some little certificate to
After month's of agonizing hang on his wall,. and maybe
over 2600's financial plight. I've even a patch to sew on his
figured out a way to return to jacket.
the monthly format and solve So the next time the loser
another great problem that user logs onto the BBS, he can
plagues BBS's all over the now proudly assert: "By the
nation. How many times have power of 2600, I am the only
you logged onto your favorite Grim Reapel" within the 212
BBS and seen some message area code. I· am the only one
like this: "It has come to my certified and authOrized to use
attention that someone else is that pseudonym. So be gone.
using my name, 'The Grim you pagan!"
Reaper', on other BBS's. Well. So, whadaya say? 2600
whoever you are. I'm the real could be put into the black,
Grim Reaper. I was The Grim and we would no longer have to
Reaper months before you put up with dueling 14 year
came around. You better not aIds. We have a unique oppor
use my name any more. or I'm tunity to help solve the hack
gonna kick your $#&*@ ass!!! ers' two most serious problems.
You better think of a new name
dude!!!" No thanks. There must be a
Well. the obvious solution to better way to raise funds than
this common dilemma is to to play big brother to dueling
have a sort of "name registra 14 year olds. Besides, how in
tion". where individuals can the world would the user be
register their alias with an able to prove that he/she was
authority -- kind of like your the one with the certificate
given name when you're born. hanging on their wall?
And who else would be the Computers still offer a degree
most likely authorization but of anonymity. Let's all try to
the hackers' and phreaks' enjoy that while we can.
chOice -- 2600! Think about it!
You could charge each registra
tion a nominal fee. like $3. For Articles & Boards
that $3. you will give the per Dear 2600:
son a registration certificate. After having received your
saying that he is the only one volume 4. number 10 issue, I
authorized to use a particular was truly amazed! It's great to
PageU 2600 Magazine Winter 1988-89

Winter Reading
see a publication that is could offer. plus a bit of effort

straightforward and informa on my part. would bring about
tive. It wIttingly caters to the great results.
novice, as well as those of us 8W
who hopelessly suffer from
occasional periods of "hack You can contact us with your
attacks". Good jobn BBS ideas by caRing 516-751
I would like to inquire about 2600. We're also always ask
submission of written articles, ing for unspltct1ed articles, so tf
relevant computer news, news you have something you think
paper stories, and the like. I we rn.ight publish, send it in.
believe I have or can obtain
eno~gh data to "publish" at
least one article on a minJrnum
Needlnjo
quarterly basis. Also submit Dear 2800:
table would be a collection of I understand that the
"postings" from the area net Telecaption Adaptor II available
works which would be of worth from Sears can be extended
to your magazine. with a few parts to have an
Next on my list Is the hope of RS232C serial output port for a
being allowed to operate a computer. I would like to find
Greater New Orleans branch of out how to do such a modJfica
2600 Magazine BBS. I know of Uon so that the 'IV subcaption
many people and users who output can be displayed on a
would be more than happy to Teleprompter with RS232
benefit by logging into a system input. This would allow people
like such. A BBS of the like who are both hearing and sight
would offer its users a wealth impaired to understand 'IV. My
of information that would oth grandmother cannot see the
erwise be inaccessIble, or tiny letters that the TeA 11 gen
worse yet, unnoticed! As I soon erates on the screen. I would
will have a phone installed with appreciate any information on
a few extremely advantageous how to accomplish this modifi
services such as call forward cation.
ing and call transferring. I will Handel
also be able to link users to
systems that would be out of AT&T Nightmare
their reach but within mine! I Dear 2600:
think that the combination of Our small liberal arts college
what a 2600 Magazine BBS recently switched over from its
Winter 1988-89 2600 Magazine Page2S

The Winter
old crossbar system to the our faculty cannot call home!

AT&T System 85 early this For a system that is supposed
year. In the old days, you sub to be "smart'" it sure isn't. If I
scribed to Wisconsin Bell (like were to call myself using the
all Wisconsin residents). had prefix that the school is acces
your name in the phone direc sible through. the phone sys
tory. were available through tem doesn't even know to just
directory assiStance. and could use an internal switch. Instead
use your long-diStance service it goes ahead and wastes an
with the 1+ option. That has outgoing and incoming line"
changed since then. If technol while I talk to myself. So to
ogy is supposed to make life· prove to the school that some
easier, it doesn't and it also thing needs to be done. we're
makes it a hell of alot more getting 37 people to call them
expensive.. .. To make a long selves during busy business
distance call. we now have to hours. and make the system
dial the 800 port (I use Sprint) paralyzed ... for about 4 hours.
and use a calling card to place That should teach them what
the call. For those of you who they refuse to liSten to. Like all
use software for your modems. systems. no one cares until it
try programming a 20+ happens to them....
sequence! Then we also are Cray-Z Phreaker
charged a 50 cent surcharge SkunkWorb
for placing the calli And if
you're like me. that really adds The bug you're about to
up. We are unable to call 950's, exploit is probably the easiest
"toll free" Wisconsin Bell lines. part of the system to frx. All
and we are unable to tum off they have to do is block out
call waiting for an incoming that exchange like they've
call. Good if you are trying to blocked out others. But the
run a BBS from your dorm point is you have to get the col
room. There are only '37 outgo lege and the phone company to
ing lines, and 27 incoming. So listen to you, the end user. You
during normal business hours must do whatever you see fit
(the school's bUSiness office is This means being -loud and
also on the system). you will be specific as to what problems
unable to place a call! Someone you're faced with. Remember.
from AT&T also forgot to pro you have the same right to tele
gram all of the reachable pre phone service as anyone else
fixes in our area! Even some of in thiS country. Being at a col-
Page 26 2600 Magazine Winter 1988·89

Letters Column
lege does not mean you're sign about these in our last issue.
ing away this right. Demand So far we haven't seen a phone
answers and if you don't get company offer these services.
them. make sure every body Regardless of who offers it.
knows it. though. there is another poten
And a message to AT&T: tiill security risk here.
This is the second time in as With regards to using for
many issues that we've heard warding on a payphone. there
major complaints about your are two answers. The first is
System 85. Last time it was no. That is, accordlng to the
the House of Representatives. phone company. After all. why
Who will it be next? would anyone want to use for
warding on a payphone? It's
Call Forwarding simply not possible. The other
answer is yes. Of course, it's
Dear 2600: possible. Hackers have done it
I'm hoping you may be able by using the phone company's
to answer some questions computer. And we don't doubt
regarding the phone company's that law enforcement has
availability of call forwarding. made use of it on occasion.
As it stands. in order to acti What better way to trick a drug
vate call forwarding. you must dealer or kidnapper call1ng a
have the service on your line payphone?
and you must activate it from
that line. It must be deactivat
ed from the same phone that it Obseroations
was activated on. Dear 2600:
My question is thiS: is it pos Seeing how you have pub
sible to forward Phone "A" to lished updates to the 800
Phone "8" from Phone "e"? exchanges that are owned by
Also. is it possible to have a IC·s. here are some 800
pay phone forwarded to your exchanges that belong to other
location? companies. as well as some of
JH the same companies (MCI,
SprInt. etc.). These all work
There are remote call for from my NPA. and I liVe in the
warding devices available that midwest. I know that one carri
allow you to change the num· er (LYfEL) is a re-seller of long
ber you're forwarding to and to distance lines to FG-8 carriers
cancel call forwarding from a in my area. Anyway, the list:
remote location. We talked 800 + NXX

We Really Like
373 - Teleconnect pulsing. This also was the

383 Teleconnect same for AHnet.
456 MCI Speaking of AHnet, I am a
472 - AT&T legal customer of theirs, with
589 - LYIEL dial-up service. When I got my
636 - Conquest Long Distance authorization notice in the
668 - AT&T mail. I discovered that my code
686 - Conquest Long Distance had been put in on Allnet's
728 Teleconnect 800. 950, and local FG-A
747 Teleconnect dialups. On the 950 and local
798 - Teleconnect FG-A node, I could use my 6
829 - Sprint digit code "as is'', but with the
869 - Sprint 800 "Travel-Mate" service, I
873 - MCI must enter my 6 digit code,
These are the exchanges that plus my three digit PIN. (By the
I have found that were not list way, AHnet used to use some
ed in any issue of 2600 under type of formula to derive cus
any company. There may be tomers' PIN numbers. This for
more. since I compiled this list mula used part of the
a few months ago. Also. customer's exchange as the
Teleconnect in this case is not first digit of the PIN. I am just
the same company that runs mentioning this for the sake of
Teleconnect Magazine. I am information. as they no longer
told. I can usually tell by lis use this method. according to
tening if the exchange is owned customer service.) I am less
by an lC, as there seems to be than happy with AHnet's ser
more noise and static on the vice they are raising prices in
connections and in the back my area for both dialup and
ground than there is with equal access dialing. Also. they
AT&T 800 numbers. Also, in cannot seem to get their
my area at least. the connec records straight. Somehow I
tion time for an AT&T 800 was signed up with Allnet as
number is less than for an IC my PIC even thought I did not
owned 800 number. Western choose them. I talked to cus
Union's service used to be such tomer service about it as soon
poor quality in my area that as I found out and they told me
when I dialed 10220# (their the problem would be fixed.
equal access override), I could Soon afterwards. I received a
hear the noise being cut for notice in the mail telling me
ANI and called number out- that I had been disconnected

Getting Your Letters
from AUnet. However, to this exchange information. and

day. I am still connected with RQS will tell you the rate. If
AHnet and they cannot get the you want to try this out, a valid
bills straight. They send the bill exchange in Mexico is 621. So
for 1+ to my address for dial if you use 905+621 and get the
up bills. I have called them sev rate information for an intra
eral times and still they cannot office call (to the 905+621
fIx this. exchangel. you will get a local
Also. to top things off. we call message.
still received the charge from Also. a note to Telenet ID
our local BOC to pay for the users. according to Telenet
disconnection from AlInet even Customer Service, the cost of
though we are still connected. I getting an ID is $24 a month.
have called customer service a $18 a connect hour, and the
number of times and they don't bills are itemized (shows that
seem to want to help. I have the ID user conneded with). So
considered dropping Allnet if this information is true, then
because of the several things no wonder Telenet ID's always
they have done. but I am still a die when people use them ille
customer of t heirs. The only gally. Also. Telenet has a new
good thing about AlInet is that type of access management
they have a 45 second buffer system called TAMS (I am not
zone that is used when a call is sure what it stands for) which
connected. So if you can keep a keeps better track of network
call's time less than 45 sec usage.
onds. it won't show up on your Phantom Phreaker
bill. I imagine that sooner or
later they will get the equip An increasing number of re
ment to detect answer supervi operated 800 numbers actually
sion. but it looks like it will be have better sound quality than
later. AT&Ts. They also have more
In the Spring 88 issue you sophisticated caller identifica
published a list of BOC routing tion features.
and system codes. You asked if
anyone knew how to use the If you have a letter to
Mexico function of RQS. You send to us, drop it in the
can use this with a Mexico mail addressed to: 2600
NPA, such as 905. Just use Letters Department. PO Box
905 as the NPA and use two 99, Middle Island, NY
Mexican exchanges in the 11953.

by E. Solomenko my friend, the artist Durda
(reprinted from PravdaI Bairamov, over the line. We both
I fi rst came across her when as an had to bellow in order to be heard;
inter-city telephone operator in the line was terrible. The operatar's
Novosibirsk she tried long and hard hoarse voice broke in as she started
but without success to put me relaying my questions to Durda and
through to Ashkhabad. his answers back to me. I felt very
Her efforts were in vain. "I'm touched by her concern and just had
sorry," she said, "I'll try via Mara." to find out who she was.
Getting through to Mara was no Her name is Valentina Efimovna
problem. "Hello, Mara? Can you Vdovina and she works in what they
help me get a line to Ashkhabad?" simply refer to as the "inter-city",
The reply was anything but sister which is one of the country's largest
ly, "Dial it yourself!" Then they cut telephone exchanges, connecting the
her off. Urals with Kamchatka and Kuril.
I reflected sadly that the lack of So what is Valentina Efimovna
solidarity in Mara was a far more like?
common approach than that of my "She's a conscientious worker,"
Novosibirsk guardian angel of the said the supervisor, T. Vereshchak.
telephone exchange. I remembered "She never goes home until all the
how on a previous occasion I had calls that have been booked have
also been trying unsuccessfully to get got through. Sometimes she sits on
through to the elusive Ashkhabad, into the night long after her shift has
when the operator told me that there gone off duty. We have a lot of
was a fault on the line. good operators here, but we all take
Just in case, I decided to try get our hats off to Valentina."
ting through without her help, by Then who should come into the
dialing direct from the telephone room but Valentina herself. About
box. Miracle of miracles -- the inter 40 years of age, small with a round
city code worked and I got through. face and short hair and very kind,
The operator had told me there was homely eyes. She sits down, obvi
a fault in order to get rid of me. ously tired. Before lunch today she
Ashkhabad was notoriously diffi wos working on eight calls at once.
cult to get a line to. Yet now her Her iob isn't exactly a piece of
senior colleague was trying again cake. She only has one day off a
and again to connect me ond I could week and has lost count of the num
hear Fier saying to the girl next to ber of national holidays she's spent
her (she hod forgotten to switch me sitting in front of the switchboard.
off) that she hardly had any voice She works six hour shifts doing what
left from shouting down the line to amounts to a juggling act with both
Ashkhabad. hands, connecting and disconnect
At long last I heard the voice of ing plugs from the switchboard.
PageJO 2600 Magazine Winter 1988·89

Then there are the operators' fet to announce the birth of a grandson,
ters, the earphones with mouthpiece to say that somebocly has been put
attached. Just try s~nding a Whole in prison or that someone else lias
shift wearing those things! You soon had a heart attack.
get bells rin9.ing permanently in your Sometimes they overhear whole
head from the constant noise, and conversations, late at ni.9ht or on
this leads to headaches. Your voice holidoxs when there are fewer calls
suffers too from the constant shout going through. During normal work
ing to make yourself heard over bod ing hours they only have time to
lines. quickly listen to check that every
It is no occident that state legisla thing is OK. Twenty seconds for
tion allows for early retirement in eaell coli and on to the next one.
this job. After ten years in the inter A local call comes in. "please ~t
city, you con retire on full pension at me thr~h to Lesosibirsk as quickly
50. Onlx a few soldier on for as possible, my dear! II
longer. LilyaGleikh, Vera Raeva, "What number do you wont?"
team leader Elsa Vasilievna ... Valentina asks.
Ludmila Ivanovna Gorbatova has "I'm afraid I don't know," sobs
served her for almost a quarter of a the voice.
century and has risen from operator "Please don't cry. Let's try to think
to manager. Other girls come here how we can find the number. Who
straight from school and don't lost do you want to ring there?"
two minutes. "My daughter's had on accident
"I'd get out myself/ sighed there," says the woman's tearful
Valentino Vdovina, "but I love my voice.
work. I think of it as helping people "Don't worry. I'll get through as
to meet each other. It's as if I have a quickly as I can. I expect the surgical
hand in their fates, even if only for a word of the hospital there will be
minute." able to help."
I said that no doubt she over She got through to her colleagues
heard many conversations between in Krasnoyarsk who gave her a line
callers, not on purpose, of course, to Lesosibirsk. From there she got
but how else could she check the through to the hospital and then to
quality of line and make sure that the doctor in charge of the surgical
they could hear each ather, how else ward.
could she let them know that their "Hello, this is the Novosibirsk
time was almost up? inter-city exchange. Has there been
Whether she likes it or not, the a young woman admitted following
operator must be party to ofher peo an acciCient? There has? Hong on a
ple's secrets, to their joys and sad second, I'll connect you to her moth
nesses. There must be calls from eL"
sons returning from the army, calls Later the mother rang Valentina,

this time crying with relief. exchanges are all considered to be
"thank you my dear. I can't tell "one of us" at Novosibirsk.
you how much you helped me. I Valentino started off by working
don't know how to thank you for all On the Krasnoyarsk district link and
you did." now is on the Khabarovsk line which
She doesn't have to thank her. includes the whole of eastern
For Valentino the main thing was Kazakhstan plus a good chunk of
that the woman found her daughter, Novosibirsk province.
knows that she is olive and will get She is on important link for min
better. That is the best thanks she ers, people working on the gas
can get. piP.E!line project and the agricultural
In the course of her work she industry. When there is on occident
comes across all sorts of different on the pipeline for example, or
people. Sometimes during the busi problems with drilling. When a cou
est time, when all hell is let loose ple of teams are needed urgently
with ten calls going through the elsewhere -- all this concerns her
switchboard at a time, you suddenly and she does her best to help.
get on irate coller bursting in soying: Let's toke, for example, the
"How much longer must I wait? I Novosibirsk Pipeline Construction
haven't ~t all day you know. If you Trust. She knows as much about
don't pull your finger out 1'm going their business as its dispatch clerk,
to complain. " Vladimir Ivanovich Golitsin. She
"Sometimes we even have diffi knows that the Trust is involved in
culties with other operators," pipe projects in Belgo and in Lower
explained Ludmila Gorbatova. "We Tambovka, in Yagodnoe and in
can never get through to the Baku Krasnoyorsk.
inter-city exchange, the operator on "Hel/o, Mr. Golitsin, I'm putting
duty never answers. She's either you through to Belgo."
asleep or has gone off somewhere. "Hey, Valosho, what about a
"When she does finally answer hello first? How are you nowadays?"
she shouts something in "Hello Vladimir Ivanovich. I can't
Azerbaidjani down the phone and really talk for long now, the su~rvi
hangs up. After which you can never sor's here and I'll get told off for
get bock through again. We have chattering!"
sent a complaint to the USSR The supervisor, Taisiya
Ministry of Communications and the Aleksondrovna just smiles. "You
Baku inter-city exchange, but with seem to know the whole country,
out result." Valya!"
V dovina says that she doesn't "Not quite," laughs Valentino,
very often come across operators "only half!"
like the one in Baku. The other Her son Seriozha more or less
Siberian operators in for eastern grew up in the exchange. When he

U.S.S.R.
was in the fourth doss he was told to 18 days of holiday are over and she
write a composition called My Future is back at work -- how could they
Career. He wrote: "I want to be a manage without her? She hurries to
switchboard girl." When his mother light her beacon for the Sea of
saw it, she lQughed and told him to Anxiety, the Sea of Joy, and the Sea
change it to "man". He looked at of Loneliness.
her from under his brows and said: Tomorrow I shall have to ring
"What do you mean, 'man', when Khabarovsk. I'll dial the inter-city
they're all girls~" and book my call. And how'good it
Over the past two years she has will be to hear that friendly voice
not been very well. The strain of the saying, "Did you book a call to
job is starting to tell. Not long ago Khabarovsk? Putting you through
she did a break, but nOW' her short, nOW'. "
INTERNAnOlAL DIRECT DIAL SERVICE

-TO IRAN TEMPORARILY SUSPENDED
At the ~ ~~ goveni;nem of~ tbe·~~Cornp.nYofInmbas. attion
to deny Intematiooal Din:d Dial ServJce from the world into I.rm. Unti !urtber 1IOIice. aB AT"T
caBs from the U.s. M.mIaodmdHawaii to Jrmmilst lleplaa!d throughmAT&T Operator. Effective
Ailgust4.l988. thefollowingJlfCl!additionaIminbte~willappIy. I",,,,~·, . ..;''"< ' " ". '
" • ,OPERAlOR-ASStmD RATES:

, ..,... lNmAL3M1NUTES .>,
'. . . (AU DAY$-ALL HOURS)
. .
PwsoeRaht.3Minutes
.
'" SlUJ3
.
NEW ADDmONAL MINUTE RATES' .

. IRAN
Discout . Economy

an intervieW' W'ith
fly John Dralce AN ARTIClE AbOUT MACkERS -

pEoplE WOO wORk WiTk COM
Not much is known about the Chaos PUTERS ANd TIiAT MENTiONEd TkE
Computer Club, except for the abun DATENSckJiUdERS. IT WAS iN DER
dance of scary "you should hire me SpEi~At likE NEWSWEEk IiERE,
OR TIME, ANd SO suddENly
because of hackers like them" tales MANy p,EoplE pkONEd ANd
peddled by computer security consul WANTEC:I TO GET TkE
tants. DATENsckEU<lER. TkEN fROM
TkERE TkE SECONd iSSUE of
Further hype about the "mythical DATENscliEUdER WAS I!RiNTEd A
hacker elite" has also been perpetuat lOT, TkEN TkE CkAOS COMPUTER
Club.
ed by the worldwide media coverage
when a story is picked up by a major Wllo rlfEII srAllrEdJ}ff
news service. CIIAOS' Co",pvrEIl Clvb1
This past fall two members of the
Chaos Computer Club were passing ~~~R~ft~t~~ ~fR!~OOJl~i-
through my metropolis. They decided ANd lie GAVE TkE ROOMS TO
EoplE wko CAME TO ViSIT kiM
to hunt me down with the little infor C£fORE iT WAS A club, ANd TkE
mation they had about me. Since they ROOMS of TkE CkAOS
didn't have the street number, the COMPUTER Club ARE Also NEXT
dOOR TO kis plACE iN
duo spent a night ringing the door HAMbuRG·
bells up and down the street asking
for John Drake.... Their eventual suc WIIEllli dOES' PErEIl GIASEIl
CONE '111
cess resulted in this interview.
IN 1982, OR EVEN bEfORE
WIIEII WAS' rifE CIIAOS' TkAT ... VERY EARly. PETER
CONpvrEIl Club fOllNEd1 GLASER liVEd iN HAMbURG. HE
WORkEd WiTk COMpUTERS fOR A
HMMM, I CAN TEll you TkE dATE TEXT PROCESSiNG COMp'ANy. HE
WIiEN TIiE fiRST DATENScliEUdER kAd MANy CONTACTS Wllk
WAS dEliVEREd. Tliis WAS iN OTkER p'EoplE. SWEN YAckToff
FEbRUARY 1982 ANd iT WASN'T liVEd wirk ltiM. SWEN WAS TIiE
pliOTOcopiEd. TIiE club MUST fiRST TO kAYE CONTACTS wiTk
IiAVE bEEN AROUNd SiNCE '81. WAU Hol . HE WAS ONE of
TIiE REASON TIiERE WERE SOME TkE fiRST, befORE TkERE
CONTACTS bETWEEN TIiE IiACkERS WAS A DATENSCkE , OR
WAS TIiAT TIiERE WAS AN ARTiclE ANy'TliiNG of Tkis wlio
iN A NEWSpApER iN GERMANy .... kA(I CONT ACTS wiTk AU
I TliiNk iT WAS AN Ad, iN fAcT HollANd.
SOME of us TRyiNG TO fiNd HE l.ivEd TOGfTkER wiTk PETER
pEop'lE iNTERESTEd iN COMPUT SO TkERE WERE OTkER CONTACTS
ERS, iN A pApER CAllEd TkERE ANd PETER would COME
TAGENSiGN -- AN AlTERNATivE iN CONTI~CT wiTk pEoplE wko
NEWSpApER. Tliis is liow TIiEY WERE USING COMpUTERS fOR
<lOT TO<lfTIiER. MORE TkAN oNly TYP.EWRiTiN!i.
AfTER THis, I TliiNk TIiERE WAS So PETER bECAME A "IiAckER . I
Page 34 2600 Magazine

the chaos computer club
<lmfT k~ow It liE IS REA.ll Y A. WITIiOUT STRUCTURES. ANyONE

~A.ckER .. ..iT'S A. siLLy WORd. CAN COME wiTItOUT ItAviNG TO
W~E~ ~ GOT A. ModEM fOR A. bE A. MEMbER.
biRT~dA.y P.RESE~T fROM SOME
ONE fROM tltE CltA.OS How MANY pEoplE R~cElrE
COMPUTER Club, fROM TltM rifE DAJ'EffsclfElJdERl
TiME you o~ly SEE Itis bA.Ck.
YES, W~~ you WA.NTEd TO WE A.RE pRiNTiNG TWO Tkou
COMMU~iCA.TE willt ltiM you SA.Nd, I TltiNik bUT oNly A.bOUT
~Ad TO buy A ModEM YOURSElf. 800 TO 100v A.RE A.CTUA.llY
BUT, dtM'S OVER NOW.c/ ~ o~ly MA.ill:d.
GOES ONliNE VERy sdaOM.
Ch4Ibt Computer Club, Sch......ellCkmf.85. 0·2000 HamtM-g 20. Telefon: (M(J. 490 3151. 8Tx ·CHAOS+
MailboxlVstem CLINCH 040 651 64 75, Vla D.t~)(·P 4440009031.., GEONei:GEOt:Chaof.TEAM
Ho tv ;$ rifE Clvb SEr vp IN

I!ElA r/oN ro
~;~:J~ ;r~I~li~l1 tov
D ATENsclfEvdER? ~"':1!iA~~E19t~~~~: c1:Jl
bREAkINti. iNro dNE sysrEM
DA TE~SC~EUdER is TItE pA.pER OR ANO.,..lfER....
of TItE club.
W~N you GiVE TItEM (TkE
Ho tv is rife clvb pRESS) SOMETltjNG TO EA.T, TItEY
OIlCiANizEd? A.U COME RUNNING.
T~AT'S VERy ItA.Rd TO SA.Y EXAMplES?

bECA.USE A.S A.~ officiA.llY REG
iSTEREd club iJ's o~l y bl=E~ A. WltE~ you ItEA.R WE ltA.tlE JUST
yEAR NOW. BEfORE THEN IT WAS GONE iNTO A. dA.TA.bA.Nk, E\lERy
lUST TkE C~A.OS COMPUTER ONE fROM TItE GERMA.N PRESS
ClUb. BUT T~E~ you ~EEd will COME A.Nd WRiTE A.bOUT iT.
SOMEO~E fOR TItE bA.Nk IN TItE bEGiNNiNG Tltis WA.S VERy
!,CCOU.NT ANd you NEEd A. REG fiNE A.Nd SOME Good A.CliONS
ISTRA TlON. CA.ME A.bOUT bECAUSE 0 TkE
IT's A GAlA.CTicA.l CO~NECTioN BETA.X ItAck...NOW TkERE is TkE
Winter 1988-89 2600 Magazi.ne Page 35

the chaos
NA~A "'Ack W"'IC'" IS VERy TJiINk you NEEd TIlE COMpUTER.

fAMOUS. IT's MORE fOR pEOpLE wJio
BUT OfTEN TliERE ARE JOURNAL TliiNk MORE TItAN JiAck PER
iSTS wlio TkiNk "WliAT CAN WE liAp'S. TkERE ARE Also ~AckE~S
do iN OUR NEWSPAPER?" ANd iN TkE club,- SURE, TkAT 50 A bIT
TliEN TliEy' SAY, Ali YES, SOME- of TliE PROD1EM bECAUSE liAck
TliiNG WiTIi COMpUTERS LET'S ERS liAVE diffERENT iNTERESTS
(!liONE TliE CliAOS COMPUTER TliAN p'EoplE likE ,us wko AR..E
UUb. Is TliERE ANVONE HERE MORE INTERESTEd IN COMMUNI
Willi TliE NUMbER1" TkEN TkEY CATiON ANd ART. WkElIER
pliONE ANd SAY, "PLEASE sliow TkEY'RE JUST fREAks TkAT kNOW
US SOME liAckiN4;t, lET'S SEE how A lOT ADOUT TkE TECkNicAL
you do iT." AN<fyou CAN'T do sidE....
IT bECAUSE iT is fORbiddEN iN TIERE ARE OTIiER p,EoplE iNTO
GERMANY. IT's NOT TkE REASON REAL livE liACkiNG, likt: skowiNG
wliy TkE club ExisTS: fOR JOUR p,RESS pASSES TO GET INTO
NAlisTS TO LET PEoplE kNOW TkiNGS, TkAt'S REAl kACkiNG.
TliERE ARE liACkERS.
WliEN A bYTE SOMEwkERE GOES )VilA r rYrE ollll.,s EX;Sr
WRONG TliEY AlWAY~ p,liONE TIiE IN GEflNANY ro dErEIl
CliAOS COMPUTER Club, IfACkiNt;
bECAUSE TliEy TliiNk WE CAN fix
iT OR WE kNOW WliAT liAS liAP AT TkE MOMENT wliEN you
(?ENEd OR wlio did iT. CkANGE SOMETkiN<i iN SOMEONE
SOMEONE ONCE Tgld ME TliA T EhE'S COMP~TER, IT'S ALREAdy'
bECAUSE of TkE CliAOS AN OffENSE. so WkEN you LOGiN
COMPUTER Club liE liAd sold A ANd YOU'RE NOT suppOSEd TO
lOT MORE of liis SECURiTY sofT lOGiN, YQ4 CliANGE SOMETliiNG
WARE ANd liE TliANkEd US. bECAUSE IT S REPORTEd SOME
WliERE TkAT you liAVE lOGGEd
Is rifE ",AIN AI", 01 rifE iN. So you liAlIE A1RE!)dy
C;1l0pp co",purEIl l;rEIlAcy CliANGEd SOMETliiNG if you fol
911 IS rllEIlE A IAcrlON Low THE lAW STRicTly. ITkiN"
INsidE rll,! C;1l0Up 'Oil TliAT TkEy' ARE STill WORkiNG
IIACiERS ON rlinE lAWS.
THERE ARE MANy diffERENT f.EO

ptE wlio TliiNk of MANy dif ER CALL OUR COMPUTER
EI'4T AiMS of TliE club, SOME of

rliEM sociAlly' ACCEp'TAblE BUllETIN BOARDS!
WAyS of WORkiNG WiTIi COM

pUTERS. SoME of tliEM ARE CENTRAL OFFICE (~14~2344260
HAckERS bUT NOT AU of TliEM. YOYODYNE ·(40~}:S64~518
WE ARE NOT liAckERS.

BEEHIVE .{70?j823cf3591
Is ;r rllEN A {rRA/c;IIr COM HACKER·SOE~. . . . . (718) ·358~9209
purER club All avallab16~4/f()u"Bday.
No ,.g{stf'atlonn~sSBry.
No, iT'S NOT A NORMAL COMPUT IF VOO~REJNTE.RESTEDIN OPER

ER club. IT'S MORE of A CliAOS AtlNGA2600BBS!tiONTAcT us
COMMUNicATioNS Club TliAN AT(516l151~2600,

CliAOS COMPUTER Club. I dON'T
Page 36 260() Magazine Winter 1988-89

computer club
ThE hiNT.
Hils ~lfrO"E bEE" cAU'l"r TIlE koST OPER~TOR of TIlE
,."d tI,,~d
C"iI ll'lE 7
0" A "ACt,,,'l SYSTEM s~id, "IT's ONly bEC~USE
oJ TIiE Ck~os CO~UTER Club
TIt~T TIlE BET~X vjd"EOTEX sys
ntE oNly TltiNG TIt~ T I CAN TEM is A flop." TItEY WERE
TltiNk of is STEVE iN pRisON, bUT TElliNG.. us ~T TItE dEMONSTRA
ItE ItASN'T bEEN CItARGEd. TiON 01 BEf~X TIi~T iT W~S
bEC~USE OlliE CItAOS
C,." you 'lirE ",E SO"'E
01 ",Edi,.
E~,.",pIE.1
COMPUTER.Club TIi~T pEoplE
WON T USE IT.
d,srollrlo"l Also, wkENEVER THERE is ~
SHOW of TItE BET~X vidEOTEX
TItERE W~S Tltis biT wiTlt ~ b~Nk !{Yn~M, pEQplE c~ll up TIiE
iN H~MbUR!I, ON A vidEOTEX aub S MOVIE ON TItE dEMON
SYSTEM iN GERMANY. IT ItAS STRATioN ~CCOUNTS.
M~Ny M~Ny bUGS ~Nd MANy
MiST~kES iN iT ~Nd wIlEN you Ho W dOES r"E,,,"O"E
lt~vE ~N OVERflow of dAT~, SYSlE", WORt ,f; RfGARd ro
~Ny'TltiN<.I could lt~ppEN. MOtlf'lslls Ir dIG'''''A' OR II
So iN TItIS WAY ThEy 10UNd OUT CIU"k,/f!; ",EC"" "'CA'
TItE P~5SWORcI of this b~Nk iN sysrE",r
H~MbURG ~Nd TItEY USEd rliis,
~Nd TIlEN TIlE CIi~os COMPUTER You STillli~"E rliE clUNk,
Club R~N A SECTiON of iNfoR clUNk, clUNk synEM iN MOST
M~TioN ~~GES ON TItE vidEOTEX TOWNS. THEY Ii~VE jyST ST~RrEd
SYSTEM. -"TltEy ~lso Ii~VE ~ TO CIt~NGE TO THE itiGiTAl sys
MoviE iN TIiERE wliicli you C~N TEM.
look ~T bUT you It~VE TO GiVE If you W~NT ~ ModEM you It~VE
~ dON~IioN fOR lookiNG ~T TItE ro buy ir OR RENT iT fROM TkE
MoviE fiVE dolll\RS, witicli is p"on offict;:. OR .Y.OU USE ~
TItE M~xiMUM SUM fOR lookiNG HAYES ModEM wHiclt is illEG~l.
~T ~ vidEOTEX P'~GE. TIlE ModEMS fROM TItE pOST
WElt TIlEy M~aE TItE b~Nk offiCE AREN'T VERy POWERful.
look ~T Tfli5..P~GE OVER ~N<t TIlERE iSN'T ~NY G.ood soh
OVER ~G~IN. 1ltEy' WROTE A lIT W~Rfi TO WORI( WITIt TIiEM ~Nd
TlE .PRO~R~M 50 iT W~S ~lw~y's TIto' RE VERY. EXP.ENShIE.
C~UiNG iT b~ck ~G~iN ANd 1i~i1 IN GERM~NY iT is fORbiddEN TO
iT RUN OVER TItE WEEkENd so Nt) do ANYTliiN~ YOURsElf wiTlt ritE
ONE fROM TIlE b~Nk W~S ThERE TElEplioNE liNE. TIlERE is ~ jOkE
TO SlOP iT. IN TItE ENd iT W~s TIt~T you EVEN NEEd PERMissiON
I~O,OOO M~Rks WORTIt of wltEN you USE ~ pEN TO di~l
dON~TioNS fROM TItE b~Nk TO TIlE pJiONE.
TkE Ck~os COMPUTER Club. If you NEEd ~ lONGER c~blE
TkE Club could" lt~vE cl~iMEd you 1t~\IE TO GO TO TIlE pOST
THE MONEy' fROM TItE bANk OffiCE ~Nd p~ Y 6~ M~Rks ~Nd
bEC~USE TItERE ~RE NO l~ws fill OUT ~ REQUEST fORM fOR ~
SAyiNG. THAT THis W~SN'T ok. lONGER c~blE TO YOUR TElE
Tkty didN'T, bUT TkEY SkOWEd pkoNE. .
TIiE N~TioN~l dAM SECURiTy
OffiCE WH~T is possiblE. TIfE
b~Nk WAS VERy TItANkhJl fOR

w-est germany's
~O pHONE pHIlEA~'Nfi IS rOUNd OUT ThAT TI-Ey WERf IN

Not Allor subJEcr IN TkE NASA NETWORk. AfrER A
GERMANY? wkilE of WORkiNG iNSidE ThERE,
ThEY ONE dAy bEGAN TO UNdfR
THERE ~RE SOMETiMES pEopLE STANd TkAT iT WAS VERy dAN
WHO TRy TO M~kE bLuE bOXES ~EROUS.
OR THiNGS of THESE kiNd bUT I ThfRE ARf STORiES AbOUT Tkf
dON'r kNow if ThEY wORk, CIA TkEy dON'T Ask QUES
THERE W ~S ONf GUY WE kNEW TiONS, bUT ShOOT fiRST. , dON'T
WHO H~d ~ THIN,G likE This, bUT belieVE ThESE STORiES Mysdf,
HE disAPPEAREd INTO pRisON bUT TkfN I TkiNk ThE AMERiCANS
OR SOMEWhERE. WE kAVE TO MUST bE silly....
TRy...MAybE iT will WORk WhEN TkEN ONE dAY TkEY phONEd
ThE NEW SYSTEMS ARE iNSTAllEd. ANd CAME TO ThE CHAOS
TElEphoNE CAlls ARE VERY COMPUTER Club ANd SAid TO
EXP.ENSivE iN GERMANY, ESPE ThE pEoplf ThfRE, :WE hAVE
ciAlly lON~ diSTANCE CAlb ANd SOME COMpUTER pRINTOUT ANd
SO iT wouLa bf A useful THiNG. WE dON'T WANT TO bE killfd by
iT. WkAT shAll WE d01
Wf ARE ChARGEd fOR AU ThE STEffEI'tI ANd W AU SAid OK,
LOCAL CAlls iN UNiTS of Ei!jHT kEEP QUiET ANd WE will USE
MiNUTES iN ThE dAY ANd 11' MiN OUR COI'tlTACn. TkEN ThE
UTES AT NiGhT. MAChil'tlE STARTEd. ThEY TRiEd
TO GiVE iNfORMATioN TO ThE
WIIA r "rfPENEd 10 SrEffEN CIA viA TkE GERMAN SECRET
WEIlRNE WilEN liE WENr ro SERVicE. TkEy SAW ThAT ONE
FRANCE WEEk lATER TItE ACCOUNT WAS
STil~ WORkiNG. TkEy GAVE
STEffEN WAS iNViTEd TO A SECU NOTICE TO TkE COMPANY ThAT
RiTy CON!iRESS TO REpORT WAS MANUfACTURiNG ThE TERMi
AbOUT WHAT hAPPENEd WiTh NAL SOfTWARE. TkEN ThERE WAS
NASA ANd TO ExpLAiN whAT is A. NEW VERSiON diSTRibuTI:d
possiblE iN ThESE NETWORks. HE ThAT STill CARRiEd ThE SAME
WAS ARREUEd Ri~hT AWAY MiSTAkE.
WHEN hE A.RRivEd In ThE AIR

pORr il'tl FRANCE ANd QUES WIIAr did rilE COM"'UNicA
Tiol'tlEd fOR 24 hOURS. dON sofrWARE Allow you
ThEY '<EPT hiM ThERE WAiTiNG ro do?
wliilE THEY kAd AbsoluTEl Y NO
E\lidENCE WhATSOEVER ThAT liE ITAUowfd you TO look AT Tke
WAS iN ANy WAy iNvolvEd iN ThE USfR liST. USUAlly iT TElls you
NASA STORy. ThAT you hAVE NO PERMiSSiON
TO Look AT iT OR do ANYTkiNG
WIIA,. ACIUAli Y "~.PENEd ThERE. IT GAVE TkE WARNINCiiN
wi,.11 NASA AS op OSEd ThE PROGRAM bUT iT WOu[(JN'T
ro. WIIA r rilE NEWJ APERS CUT you off. You could GO
SAId? fARTkE~ despiTE iT SAyiNG you
couldi'll T.
TIiEY'RE 1'tI0T MEMbERS of Thf So TkEy WENT iN ANd G,AVE
ChAOS COMPUTER Club. ThfY ThEMSElVES pRiviLEGES IN ThE
WERE ONE yEAR WORkiNG fOR A SyS~EM, ANd TkEY pUT iN ThesE
COMPANY Al'tld suddeNLy Tkey TROJAN hORSfS -- PROGRAMS

"computer hackers"
THAT WipEd OUT All TRACES of 258 pages softcover

ThEMSEl liES iN ThE SYSTEM SO NO ISBN 3-922708-98-6
ONE kNEW. IT Abo COpiEd iTSElf Published by Der Grune,
iNTO OThER SYUEMS ON ThE Zweig 98, West Germany.
NETWORk ANd bROUGHT bACk
iNfoRMATioN AbOUT PASSWORds Cost 15 dollars US approximate.
TO ThE kids. ThEy hAliE bEEN iN - Original Material written for Bibel.
In diffERENT SYSTEMS. - Photocopy art/humour related to
computers and hackers.
DiE HJtC~E' BibE' I " II, -Newsclippmgsandarl~~sfrom
""Ar IS Ir various sources.
Includes reprinted article about
You fiNd SOME REPRiNTS of
Hackers Conference.
SOME AMERiCAN STuff iN iT
HAPt cOMplETE REPRiNTS of

- Reprints from Datenscheuder.
old DATENschEUdER, ANd SOME
Early YIPL 1-22 reprints and TAP
ARTiclES you will ONly fiNd iN
23-27.
ThE book'. You CAN fiNd This
- About 40% of the book is in English.
OllER ThE COUNTER iN ANy
- A good reason to learn German.
boqkuORE.
Chaos Computer Club:
I THINk iT HAS AN ISO NUMbER.
0-2000, Hamburg 20 or
DiE HACkER BibEl II is dUE
SOON. IT's bEEN p-RiNTEd. WE'RE

Schwenclcestrasse 85
WAiTiNG fOR STEffEN TO SENd US
West Germany
COpiES. DiE HACkER BibEl III is
01149404903757, 0114940483752.
Nola! bEiNG WORkEd ON.

UNIX HACKING
(continued from page /7)
wd" command as shown below:

to another directory.
$passwd
$ mv letter letters
Changing password for john
$
Old password:
This example renames the file letter
New password:
to letters, thereby deleting letter. If you
Retype new password:
want to move files then you would
$ enter:
This will only work when the pass $ mv lusr/john/pers/capital
word has aged enough. lusr/john/michelle/capital
ps $
It's sometimes necessary to see This moves the file capital to the
what command processes you are directory named michelle.
running. This command lets you see diff
thaI. The format is: ps [-a all process Format: diff [file name] [ file name].
es except group leaders] [-e all pro This shows the difference between
cesses] [-I the whole list]. two files. Output of this will have
$ps something like 4,5c4,5 then it will dis
PID TTY TIME COMMAND play both sets of files on the screen.
200 tty0914:20 ps The 4,5c4,5 means that you must
The system reports the PID - the change "c" lines 4 to 5 in one file to
process identification number which is line 4 to 5 in another.
a number from 1-30,000 assigned to Options for using this command
UNIX processes. It also reports the are: ·b (it ignores blank spaces), -h
TTY, TIME, and the COMMAND being (compares it quickly), -s (reports files
executed at the time. To stop a pro that are the same), -S[file] (this is used
cess enter: when you want to compare a directory
$ kill [PID] (in this case it's 200) starting at a specific file).
200 terminated There is also a command to com
$ pare 3 files which is:
grep diff3 [options] [tile 1 ] [file2] [file3]
This command is important when cp
searching for a word or words in large Format: cp [file name] [file name].
files. The format is' grep [argument] This makes a copy of a file.
[file name]. It searches for a file that $ cp letter letters
contains the argument specified. $
$ grep phone cathy The file letters is a duplicate copy
phone michelle (718)5551234 of letter. In this case the original is not
phone cindy (718)5553456 erased like in the mv command.
What this did was to find the argu (End of Part One. Part Two will
ment "phone" in the file cathy. II the appear in the Spring 1989 issue and
argument consists of two or more will incfude more UNIX commands,
words, then It must be enclosed in sin sending and receiving messages, and
gle quotes. super user commands.)
mv
Format mv [file names(s)) [dir
name]. This renames a file or moves it
Page .:If) 2600 Magazine Winter 1988·89

2600 Marketplace
WANTED: Text files/ Countlegger/ I WANT TO START a newsletter devoted

Ph rack news clippings on hackers, to petty crimes, tentatively titled "For
phreaks, etc. from newspapers and Informational Purposes Only", Please send
magazines. Willing to payor trade. me info, clippings, on how to rip-off vend
Send a list to KH, N. 11107 Roundup, ing machines, free postage, free photo
Mead, W A 99021. copies, sneaking into movie theaters, etc.
W ANTED: Any hacking programs for Tun CridJand, PO Box 85874, SE9ttle, WA
the Atari ST. Will trade. Also in need 98145.
of good blue box plans. Would love to WILL TRADE: My Texas Instrument
hear from other persons interested in Silent 700 Series Portable Intelligent
P /H from Lexington, KY. Aristotle, Data Terminal (like new) w/full docu
606-258-2219. mentation for any hacker software for
COMPUTERIZED LEARNING IBM compatible computers. Ted K.,
USER'S GROUP, ELECTRONICS is PO Box 533, Auburn, NY 13021-0533.
for those inter COMPLETE
ested in learning RANGE of
electronics and Commodore 64
related tech hack/phreak
nologies as well software. All
as those interest ................ tested and
ed in develop- , debugged.
ing, evaluating, Many advanced
sharing, and applications.
selling hard Call1HC-][ BBS
ware and soft at 604-595-0085
ware to do so. Write CLUGE, 207 East and leave feedt-eck to the sysop for more
School Street, Kent, Ohio 44240-3837 information.
or call 2]6-678-4611. TAP BACK ISSUES, complete set Vol.
WANTED: Red box and/or blue box, 1-90 of QUALITY copies from origi
tone chips for making boxes, nals. Includes schematics and indexes.
Macintosh software for trade via mail $100 postpaid via UPS or First Class
or moderl;l and vending machine lock Mail. Cash/MO sent same day, checks
pick gun/tools. Douglas, PO Box 8022, to Pete G., P.O. Box 463, Mt. Laurel, NJ
Richmond, IN 47374. 08054. We are the original; all others
FOR SALE: 3 Comtech model 550 are copies!
Satellite Video Receivers. Best offer, 2600 MEETINGS. First Friday of the
first come, first served! Send reply to month at the Citicorp Center-from 6
either dtroup@carroll1.uucp or send to 8 pm in the Market (also known as
real mail to: DTROUP/Room 205st, the lobby with the tables where all of
221 N. East Ave., Waukesha, WI, the weirdos hang out). Located at 153
33186. Skunk Works! East 53rd Street, New York City. Come
FOR SA LE: Various UNIX man by, drop off articles, ask questions.
ua Is /books. For more information, Call 516-751-2600 for still more info.
write to Seth K., PO Box 245070, Deadline for Spring Marketplace:
Brooklyn, NY 11224. 3/1/89.
HARDWIRING
by Dr. Williams grounds and two charged wires.

One of the most obvious ways After stripping the wires, put an
of obtaining free telephone service alligator clip on the green and red
is through "hardwiring" -- that is, wire on both halves. Putting one
directly connecting a phone to on the grounds is a good idea too.
somebody else's line without their Now you have what it takes to
knowledge. This can be accom connect up to any phone box. On
plished in a few different manners. the older ones where there are just
One technique is just to hook up a four terminal posts, you take the
phone to the exterior of a house or headset and connect up to the ter
business. Another way, canning, is minals via the alligator clips on the
a little less blunt. Any dime store headset. You won't need to use
phone can be hooked up, and the other half of the cord with the
walaa! Free telephone service is phone jack since there is no place
yours just for the begging. to hook it up. You may also have
There are basically two types of to bring some vise grips to
exterior phone boxes that are used unscrew the bolt which holds the
for homes and small businesses. box closed. Sometimes, the colors
The older ones are a pukey green of the terminals aren't marked, so
color, are square, and have four it will take some trial and error to
terminals inside: two for the find the two live ones. On the
grounds, and two for the charged newer boxes that have a tele
wires. These are kept closed by a phone jack inside of them, you use
long bolt. The newer ones are the other half of your cord contain
rectangular and have a phone jack ing the jack to plug inside of it.
inside of them. They are kept Then you connect the alligator
closed by a lid. There is only one clips together on the headset. This
tool you'll need, and that is a touch should be no problem to open
tone phone. The ones where all of since they are held down with a
the components are contained in plastiC lid. Easy, isn't it! One note,
the headset are the best for this. though. There may be other varia
Take the cord, cut it in the middle, tions out there. From my experi
and strip the wires on both halves. ence, these are the most common
There should be four wires: a types of boxes.
green, red, black, and yellow. The There are some drawbacks;
green and red ones carry the cur relationships are always two
rent, and the black and yellow are sided. The good pOints are that it's
the grounds. There could be some easy (it beats hacking out codes to
variations in the colors of the the local extender at the pay
wires, depending on the phone, phone) and, since most residential
but there should always be two' areas still use AT&T as their pri-

YOURWAYIN
mary carrier, you can call any industrial centers are also good
where in the world. Some other spots. These usually have the
long distance carriers have limited green boxes clumped together in
calling areas. The drawbacks are, lots Of four. Late at night, no one is
first, you have to do this at night - around, so it's only a matter of
like, 3 or 4 am. If you do this, you hooking up. I'm talking about those
always run the risk of getting places where a company leases
caught. Some neighbor might think the shop or office space to various
you're a prowler. You should companies. Trying to hook up
therefore dress in dark clothes and where a 7-11 is located probably
not carry any identification with wouldn't be too smart.
you. There is also a limited Canning
amount of things you can do. After A subject I'm going to touch
all, you can't call up your relatives upon is canning. The rea,son I say
or too many of your friends at that I just want to "touch" upon it is
time of day. because this topic really deserves
There is a wealth of locations a whole article by itself, but since
where one can try to hook up. One you can use the same tools of the
spot is housing construction - trade, I'm going to mention it here.
going up and coming down. Cans are those ugly green con
Sometimes, when houses or tainers that stick out of the ground.
apartments are being built, the Most of the smaller and isolated
phones are connected before con cans can be easily opened with
struction is complete. I've also vise grips. The bigger ones some
seen cases where people move times have locks on them, but
out and the phones are not discon nothing a bolt cutter couldn't han
nected. Once the people lived in a dle. Most cans that I've come
mobile home and they moved out, across come in two flavors: ones
leaving a vacant lot with a utility where there are just masses of
pole. Well, 10 and behold, the individual telephone wires
phone was still connected. The clumped together, and the others
phone company didn't disconnect that break apart the clumps of
it until about seven months later, wires to help the distribution of the
and that was after practically telephone wires. The ones that
everyone in the neighborhood had have just the bundles of wires
crank-called people in Japan and clumped together I've found to be
Australia. You can also try rural of little use. I imagine that a guy
neighborhoods late at night, would have to match up the two
although using your own probably wires for each single phone to get
isn't a good idea. a current that will work. But then
Small business clusters or again, I'm not an expert.

HARDWIRING PHONE SERVICE
Sometimes these do break up a The real benefit of hooking up

few individual houses in the neigh comes when you own a portable
borhood. There might be a metal computer with a modem. If you
plate attached to the top of the can find a target computer that you'd
with four or five terminals sticking like to get to know better, and
out. Use trial and error again to you're not stupid enough to try to
find a live current. It is usually pret get to it from your home phone,
ty easy. The other cans, the bigger then this might be a good way to
ones which are sometimes locked, go. Portables are going down in
can be a goldmine. They usually price; I've seen some in pawn
distribute pairs of wires in a hori shops for about $125.
zontal fashion, with a row of metal There are a couple of other
stubs sticking out. Inside it might observations that I'd like to make.
look a bit confusing. Around the I've attended two different high
perimeter, there are wads of wires schools and I found their long dis
tangled together and going every tance dialing procedures in the
which way Inside the perimeter same place On the principal's
are rows and rows of square desk, there was a bread board that
metallic stubs. These stubs are slid out on the left hand side. The
thin, about three eighths of an inch instructions for making long dis
wide, and they stick out about an tance calls were typed on a piece
inch The telephone wires will con of paper taped to this location.
nect to both sides of the horizontal Perhaps this is a common occur
rows of these metallic stubs. All rence. I've also lived in a few dif
you need to do is connect up to ferent dorms, and I've noticed
two horizontal stubs. Not all of the similarities in their setup too. In
wires in the can may be live, so each room there was a plated tele
you need more than one try. phone jack The plate was only
Sometimes these bigger cans held down by two flathead screws.
have some goodies in them, such I unscrewed the plate and behind
as lineman's headsets and papers were most of the telephone wires
containing technical data. From for the whole floor. I could have
what I understand, the purpose of hooked up to any room on the
these cans is to help troubleshoot floor undetected.
problems by breaking up units (or Finally, if you find that any of
clusters of wires) into smaller the above works out pretty good
units I want to emphasize that I for you, don't be too greedy,
am not an expert on these cans. stupid, or start taking life for grant
These are just my observations ed. As they say on Wall Street:
and I'm sure things work differently "Bulls make money, bears make
in different parts of the nation. money, pigs get slaughtered."
26()O Magazine Winfl'f 1988-89

BOOK REVIEW
Tune In On Telephone calls then it's definitely illegal to eaves

by Tom Kneitel drop, if it's from a cordless tele
Published by CRB Research, phone, then it's maybe illegal, and
Box 56, Commack NY 11725 if it's from a boat or airplane, then
160 pages, $12.95 it's perfectly OK. The law does not
Reviewed by Lou Scannon specify how the radio enthusiast is
Telephone calls have been car supposed to be able to distinguish
ried on radio waves for years - between protected traffic and
from ships at sea, from cars, and, unprotected traffic.
since the advent of microwave and Fortunately. the Justice
satellite technology, even the aver Department has announced that
age long distance call travels they have no plans to enforce this
through the ether for a portion of portion of the ECPA which is just
its route. And unlike the private as well, as the thought of the Feds
medium of telephone wires, where breaking into your house to see
a physical intrusion is required to where you have been tuning your
listen in on the conversations, radio tends to put a damper on
radio waves are everywhere radiotelephone eavesdropping.
around us and need only the right From the editor of Popular
kind of receiver to pull them in. Communications magazine comes
Although most people know a book that promises to explain
about the existence of car phones, how you can become a radio
there are a good number of other voyeur and listen in. And indeed it
telephone services on the air: does. except by the time you come
including cordless phones, local to the end of the book you're won
marine telephones, ships on the dering what you paid for. More
high seas and more. The conver than a third of the book (60 pages)
sations can range from the ordi is composed of channel allocation
nary chitchat and gossip of your charts of questionable value.
neighbors, to a lonely seaman There's no index or bibliography,
talking to his wife or children, or to the latter which would have been
your local drug dealer planning his useful as the reader is referred to
next purchase of controlled sub other books whenever the author
stances. declines to delve too deep into the
Alas, thanks to a recent act of technicalities. All in all, a steep
Congress called the "Electronic price for a few frequency charts
Communications Privacy Act" and a lot of folksy diatribe against
(ECPA for short), listening to some the ECPA. Kneitel may have got
kinds of telephone calls over the ten too used to writing monthly
radio is illegal. Which kinds? Well, magazine editorials and seems
it's hard to say. If it's from a car, unable to talk about cellular

BOOK REVIEW: TUNE IN ON TELEPHONE CALLS
phones without sniping a1 the military network used for patching

industry lobbyists and membf)rs of phone calls for uniformed person
Congress who sponsoreri the nel on ships or at U.S. bases over
ECPA. Although the ECPA is with seas.
out a doubt bad legislation that Although the book is informa
fails to understand the technnlogy tive, it is a skinny volume at a fat
it purports to regulate, Kn'9itel price. With a little trimming, it
spends far too much space ill an would have made a good article in
already sparse tome whining Popular Communications, and
about it, would only have cost $2.50 at the
For the complete novice, th0re's newsstand. For more complete
a short chapter on what kind of information on channel allocations,
equipment you'll need (a sc,mner Radio Shack sells the "Police Call
that covers the 870-896 Mhz cellu Radio Guide", which contains
lar band and a general coverage complete scanner frequency list
shortwave receiver), and a few tips ings for a particular area, This will
on antennas. Kneitel has (1 few tell you just about everything,
good words for the Radio Shack though it's in a hard to digest for
PRO-2004 scanner, which after a mat and you'll have to dig for what
quick modification (also described you want. For station listings in the
in the book) becomes an efficient shortwave band, which will include
machine for following cellular calls. a worldwide rundown of the mar
The book covers each portion of itime telephone frequencies and
the radio spectrum that contains military MARS frequencies (but
something to do with telephone again they'll be buried among a lot
calls. Car phones, cordless of other frequency listings), see
phones, wilderness and remote the "Confidential Frequency List",
area phones, radio common carri from Gilfer Shortwave (800-GIL
ers, beepers, local marine, region FER-1 or 201-391-7887, Box 239,
al marine, high seas marine, and 52 Park Avenue, Park Ridge, NJ
oil rigs. 07656.
Satellite and microwave links
are briefly touched upon, but the
equipment needed for intercepting @&3
microwave links isn't described. A
little miscellany that might not be Fint Friday of the month in
the lobby of the Citicorp
easily found elsewhere is also
included, such as telephone com Center, 53rd Street, between
3rd and leHington, NYC from
pany maintenance frequencies,
5pm to Spm. Call (516) 751
experimental air and railroad
2600 for more info.
phone services, and the MARS
Pug" ./6 260() Magazine Winter /988-89

IMPORTANT NOTICE
sing costs are forcing us to raise our sub

sc ion prices slightly. If you renew your
subscription before March 1st, you can beat
the increase. The old rates are to the left
and the new ones are to ght. You can
renew now even if your ion doesn't
expire for a long time. We'll just add the
t on. You have the choice of tearing out
s page and sending it back to us (your

address label on the back tells us who you
are) or sending one of your own pieces of
explaining just what it is you want.
Please note that even though it obviously
isn't the fourth quarter of 1988, this is the
Winter 1988 ion and not the Spring 1989
one. We're sorry for any confusion.
INDIVIDUAL SUBSCRIPTION
:.:.t 1 year/$15/$18 0 2 years/$28/$33 0 3 years/$41/$48
CORPORATE SUBSCRIPTION
o 1 year/$40/$45 ::J 2 years/$75/$85 0 3 years/$11 0/$125
OVERSEAS SUBSCRIPTION
:.:.t 1 year, individual/$25/$30 ::J 1 year, corporate/$55/$65
LIFETIME SUBSCRIPTION
[) $260 (you'll never have to deal with this again)
BACK ISSUES (never out of date and the same old price!)
.J 1984/$25 ::J 1985/$25 0 1986/$25 0 1987/$25
Q 1988/$25
TOTAL AMOUNT ENCLOSED:
CONTENTS
THE INTERNET WORM STORY 4
MCI RIPPING OFF CUSTOMERS 10
HACKER'S GUIDE TO UNIX 12
OVERHEARING PHONE CALLS 19
LETTERS 24
SOVIET OPERATORS 30
CHAOS COMPUTER CLUB 34
2600 MARKETPLACE 41
HARDWIRING FREE CALLS 42
REVIEW: TUNE IN ON PHONE CALLS 45
2600 Magazine SECOND CLASS POST AGE

PO DOH 152
Perm,1 Pend,"!! at
Middle Island, NY 11953 u.s.n. East Setauket. N Y
t 1733
ISSN 0749·3851
Forwarding and nddress Correction Requested

2600: The Hacker Quarterly (Volume 5, Number 4, Winter 1988)

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2600: The Hacker Quarterly (Volume 5, Number 4, Winter 1988)

Uploaded by

Copyright:

Available Formats

2600

The Hacker Ouarterly

Volume 5. Number 4 Winter, 1988-89

1884 saw the beginning of public call offices.

. r ... ..."........... ~........... «I..",Uk:n.... (·~uft. . . . . . . ~. .J.... .,

-. . . - _. __.. ­ I_ ... __ .... ..-.

till ........ 01 .... ptNII'f• ..u u.ouac u.. ......... JOUI""'"

1t . . . . . . :l_tuan~1S~"...~:un._,. . . . . . . . . . . . . . _ ....... "' . .

........ ~ .... _ , ........ lt . . . . . . .,CIHt......... ~.'CT ....... ML •

u.... ........-.... _ ....... ,. t.:MMC 4&1 VII" CIIilN..

uw- ... .,_ "'_oJ ... ~ ......,.,......,... _ '" _"'_

--. .... 4_~"".tII ~.~_ ... of IMta 10.. . . . . . ~ 1liI...,............

...-.""_ ... _ _..,11.-..-*"''"',,'''' ...... __ ..,... - ' 1 _ ...

............ _ _ _ _ _ .. ..u,.. L............. ____

Office Manager Artwork

Writers: Eric Corley, Thomas Covenant, John Drake, Mr. French,

Copyright (c) 1988. 2600 Enterprises, Inc.

Yearly subscription: U,S. and Canada" $15 individual, $40 corporate.

Overseas -- $25 individual, $55 corporate.

ADDRESS ALL SUBSCRIPTION CORRESPONDENCE TO: 26M Subscription Dept., P.O.

Box 752, Middle Island, NY 11953-0752.

99. Middle Island, NY 11953-0099.

Winter 1988-89 2600 Magazine Page 3

Page 4 2600 Magazine Winter 1988-89

limit how much it reads. If it reads special "popular" passwords:

with the command It lS pretty successful in bacchus, bailey,

"/bin/sh" (the finding passwords, as most banana, bananas,

bourne shell). So people don't choose them bandit, banks, bar­

Wimer 1988-89 2600 Magazine Page 5

enzyme, ersatz, establish, estate, outlaw. oxford.

Page 6 2600 Magazine Winter 1988·89

warren, water, weenie, what­ the parent keeps on trying new

Winter /988-89 2600 Magazine Page 7

Page 8 2600 Magazine Winter 1988-89

possible that the bytes sent to

DO YOU HAV£ A fULL SET

OF 2600 BACK ISSUES?

They're available at a rate of $25 per year ordered. Back issues

start with t 984 and indude every issue up to the present.

ONLY by year.) Send your order to:

2600 Back Issues

Middle Island. NY t 1953

Winter 1988-89 2600 Magazine Page 9

Page 10 2600 Magazine Winter 1988-89

by Red Knight get in.

commands, files before executing the rmdir.

Error Messages (UNIX system V) [command] not found - you have

Login incorrect - an invalid 10 and/or entered an invalid command which is

password was entered. This means not known to UNIX.

very little. In UNIX there is no way of can't execute pwd - something's

"age 12 2600 Magazine Winter /988-89

cannot chdlr to " - (.. means one

remote not in the systems file.

The first thing you must do is switch

Here is what you will see (some­

AT&T UNIX Sys VR3.0 (example of a Super User Accounts

Winter 1988-89 2600 Magazine Page 13

Password Entry $ is the UNIX prompt which means

Page 14 2600 Magazine Winter 1988-89

some tasks repeatedly over and over letcladm/sulog

again. You can program the shell to do letclmotd

this for you. letclgroup

The Kernal letclconf

-. . . - _. __.. I_ ... __ .... ..-.

bourne shell). So people don't choose them bandit, banks, bar

warren, water, weenie, what the parent keeps on trying new

Here is what you will see (some

"john" directory) permission, means remove permis

problem is that they got - > (osculating noises) I would

same one. The one - the phone with Brian this

< Totally different is the dif

everything. routines they want, construc

< You know -- it's also both now.